
RSA Archer GRC 6.0 Platform Admin Guide


RSA Archer GRC

Administrator Guide
Platform 6.0
Contact Information
Go to the RSA corporate web site for regional Customer Support telephone and fax numbers:
http://www.emc.com/support/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.rsa.com/legal/trademarks_list.pdf.

License agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-party licenses
This product may include software developed by parties other than RSA.

Note on encryption technologies


This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.

Note on Section 508 Compliance


The RSA Archer GRC is built on web technologies which can be used with assistive technologies, such as screen readers,
magnifiers, and contrast tools. While these tools are not yet fully supported, RSA is committed to improving the experience of
users of these technologies as part of our ongoing product road map for the RSA Archer GRC.

Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2015 EMC Corporation All Rights Reserved. Published in the USA.
November 2015
RSA Archer GRC Administrator Guide

Contents

Preface
About This Guide
Support and Service
RSA Archer GRC Documentation

Chapter 1: Setting Up and Maintaining the Platform

Chapter 2: Applications
Building Applications
Adding Applications
Adding Data Levels in Applications
Setting Behaviors of an Application
Adding Fields to an Application
Defining the Layout of an Application
Creating Data Driven Events in an Application
Designating Navigation Menu Items
Defining a Workflow for Applications
Setting the Execution Order for Multiple Calculated Fields
Assigning Application Owners and Report Administrators
Assigning Applications to Solutions
Attaching Documentation to Applications
Changing the Application Status
Deleting Applications or Application Content

Chapter 3: Questionnaires
Assessment Process
Populating the Question Library
Adding Questions to the Question Library
Importing Questions into the Question Library
Building Questionnaires
Adding a Questionnaire
Adding Questions and Fields to a Questionnaire
Customizing the Layout of a Questionnaire
Creating Data Driven Events for a Questionnaire
Designating Navigation Menu Items
Defining Workflows for Questionnaires
Configuring Display Rules for Questionnaires
Enabling Automatic Generation of Findings for Questionnaires
Setting the Execution Order for Multiple Calculated Fields
Setting Behaviors of a Questionnaire
Assigning Application and Questionnaire Owners and Report Administrators
Creating Campaigns to Launch Questionnaires
Attaching Documentation to Questionnaires
Creating Mobile Ready Questionnaires
Changing the Questionnaire Status
Importing Data into a Questionnaire
Modifying a Questionnaire During the Assessment Cycle
Deleting Questionnaires and Content

Chapter 4: Solutions
Adding Solutions
Updating a Solution

Chapter 5: Fields
Dynamic Attributes
Creating Fields by Field Types
Adding Access History Fields
Adding Attachment Fields
Adding Cross-Application Status Tracking Fields
Adding Cross-Reference Fields
Adding Date Fields
Adding Discussion Fields
Adding External Links Fields
Adding First Published Date Fields
Adding History Log Fields
Adding Image Fields
Adding IP Address Fields
Adding Last Updated Date Fields
Adding Matrix Fields
Adding Multiple Reference Display Control Fields
Adding Numeric Fields
Adding Record Status Fields
Adding Record Permissions Fields
Adding Scheduler Fields
Adding Sub-Form Fields
Adding Text Fields
Adding Tracking ID Fields
Adding User/Groups List Fields
Adding Values List Fields
Adding Voting Fields
Adding Field-Level Help
Assigning Access Rights to a Field
Changing the Field Status
Deleting Fields
Enabling and Disabling Trending on a Field
Calculated Fields
Adding Calculated Fields
Calculation Process
Functions and Operators for Calculated Field Formulas
Recalculation Conditions
References in Formulas
Setting the Execution Order for Multiple Calculated Fields
Troubleshooting Tips for Calculations
Cross-Reference Field
Adding Cross-Reference Fields
Dynamic Filters for Cross-Reference Fields
Creating Dynamic Filters for Cross-Reference Fields
Related Records Field
Recalculating Calculated Fields
Record Permissions Field
Adding Record Permissions Fields
Configuring Automatic Permissions for a Record Permissions Field
Configuring Inherited Permissions for a Record Permissions Field
Configuring Manual Permissions for a Record Permissions Field
Converting a User/Groups List to a Record Permissions Field
Values Lists
Adding Values List Fields
Adding a Global Values List
Adding Values to Values Lists
Arranging Values in Values Lists
Converting Field-Specific Values Lists into Global Values Lists
Defining Field-Specific Column and Row Values for a Matrix Field
Importing Values into Values Lists
Exporting Values from Values Lists
Deleting Values from Values Lists
Functions and Operators

Chapter 6: Sub-Forms
Adding Sub-Forms
Adding and Removing Documentation from Sub-Forms
Assigning or Revoking Sub-Form Owners
Changing the Sub-Form Status
Deleting Sub-Forms

Chapter 7: Data Driven Events
Data Driven Event Process Flow
Data Driven Event Rules and Actions
Data Driven Event Rules
Data Driven Event Rules Evaluation
Adding Rules to Data Driven Events
Setting the Rule Order of Data Driven Events
Data Driven Event Actions
Apply Conditional Layout Action
Filter Values List Items Action
Generate Notification Action
Set Date Action
Set Values List Selection Action
Troubleshooting Data Driven Events Using Event Analyzer

Chapter 8: Layouts
Adding Additional Layouts
Adding Fields to the Layout
Adding Objects to the Layout
Adding Tab Sets on the Layout
Adding Trending Charts to the Layout
Deleting Layouts

Chapter 9: Advanced Workflow
Using the Advanced Workflow Interface
Planning and Deploying Advanced Workflows
Building Advanced Workflows
Activating and Deactivating Advanced Workflows
Deploying Updates to Advanced Workflows
Troubleshooting Advanced Workflows

Chapter 10: Workflow
Adding Workflows to Applications or Questionnaires
Adding Workflow Notifications
Activating or Inactivating Workflows
Configuring the End Stage of Workflows
Deleting Workflow Notifications
Deleting Workflow Stages
Reordering Workflow Stages

Chapter 11: Offline Access
Configuring Offline Access Gateway
Offline Access Library
Resetting Your Offline Access Password
Resolving Online Access Conflicts
Synchronizing Offline Access Records
Offline Access Mode
Logging In to Offline Access
Installing Offline Access
Preparing for Offline Access Installation
Purging Data in Offline Access
Working Offline

Chapter 12: User Access
User Accounts
Adding User Accounts
Ending Active User Sessions
Viewing User Logon History
Updating User Accounts
Deleting User Accounts
User Groups
Adding User Groups
Assigning Users to User Groups
Deleting User Groups
Access Roles
Adding Access Roles
Assigning Rights to Access Roles
Assigning Access Role to Users or Groups
Setting the Default Access Role
Updating Access Roles
Deleting Access Roles
Security Parameters
Adding Security Parameters
Security Parameters for Mobile Users
Adding Security Parameters for Mobile Users
Assigning Security Parameters to Users
Setting the Default Security Parameter
Deleting Security Parameters
LDAP Configuration
Configuring LDAP for Managing User Accounts and Groups
Synchronizing Your User Accounts and Groups
Viewing Synchronization Status
Changing LDAP Configuration Status
Deleting LDAP Configurations

Chapter 13: Using Communication Tools
Notifications
Notification Publishing
Notification Blueprints
Record-Based Notification Blueprint Types
Data Source-Based Notification Blueprint Types
Managing Notification Blueprints
Activating Notifications
Adding Admin Notifications
Adding On Demand Notifications
Adding Scheduled Report Distributions
Adding Subscription Notifications
Adding XML Notifications
Configuring Default Notification Settings
Configuring Global Notification Settings
Defining Letterhead Templates
Defining Read Receipt Rules
Troubleshooting Notifications
Discussion Forums for Administrators
Adding Discussion Communities
Adding Discussion Forums
Adding Discussion Forum Roles
Merging Topics in a Discussion Forum
Locking and Unlocking Discussion Forums
Archiving Discussion Forums
Training and Awareness
Adding Training and Awareness Campaigns
Adding Presentation Events
Adding Acceptance Events
Adding Quiz Events
Deleting Campaigns and Events
Mail Merge
Mail Merge Syntax
Adding Mail Merge Templates
Adding Report Templates to a Mail Merge Template
Assigning Access Rights to Mail Merge Templates
Changing the Status of a Mail Merge Template
Deleting Mail Merge Templates

Chapter 14: Data Integration
Data Imports
Preparing for Data Imports
Importing Data Via the Data Import Wizard
Reviewing Job Queues
Troubleshooting Data Imports
Data Feeds
Generating the Run Detail Report
Running Data Feeds Now
Viewing the Execution History for Data Feeds
Archer-to-Archer Data Feeds
Database Query Data Feeds
File Data Feeds
FTP Data Feeds
HTTP Data Feeds
Mail Monitor Data Feeds
RSS Data Feeds
Threat Data Feeds
Data Publications
Adding Data Publications
Changing the Status of a Data Publication
Clearing the Data Publication Job History
Configuring Connection Parameters for Data Publications
Publishing Data Publications Immediately
Setting the Data Publications Schedule
Viewing the Data Publication Job History
API Integration
Generating API Code
Using the Web Services Description Language File

Chapter 15: Packaging
Packaging Rules
Before You Begin
Creating Packages
Installing Packages
Backing Up Your Database
Importing Packages
Mapping Objects
Installing Packages
Reviewing the Package Installation Log
Deleting Packages

Chapter 16: Search and Reporting for Administrators
System Reports
Using the Master Report Listing
Defining Report Export Templates

Chapter 17: Dashboards, iViews, and Workspaces
Building Workspaces
Building Dashboards
Building Global iViews
Assigning Access Rights to iViews, Dashboards, and Workspaces
Attaching Documentation to iViews, Dashboards, and Workspaces
Configuring Workspaces

Chapter 18: Customizing RSA Archer GRC
Branding Your System
Setting a System Language - Globalization
Adding Licensed Languages
Adding New Language Translations
Activating and Deactivating Languages
Associating Users and Groups with a Language Through Locales
Changing the Default Language
Deleting Languages
Displaying Licensed Languages
Moving Translated Solutions Between Instances

Preface

About This Guide

Support and Service

RSA Archer GRC Documentation

About This Guide


This guide contains administrator topics available in the RSA Archer GRC Online Documentation.

Support and Service

Customer Support Information: www.emc.com/support/rsa/index.htm

Customer Support E-mail: archersupport@rsa.com

Other Resources

RSA Archer GRC Community on RSA Link: Our public forum, on the new RSA Link Community
platform, brings together customers, prospects, consultants, RSA Archer GRC thought leaders,
partners and analysts to talk about GRC as a practice, and includes product demos, GRC videos,
white papers, blogs and more. https://community.rsa.com/community/products/ArcherGRC

RSA Archer Community on RSA Link: Our private community is a powerful governance, risk and
compliance online network that promotes collaboration among Archer customers, partners, industry
analysts, and product experts. Engaging with the RSA Archer Community on RSA Link enables you
to collaborate to solve problems, build best practices, establish peer connections and engage with
RSA Archer GRC Thought Leaders. https://community.rsa.com/community/products/ArcherGRC

RSA Ready: RSA's Technology Partner Program is where third parties gain access to RSA software
in order to develop interoperability and have it documented and certified. RSA Ready
certifications are posted to an online Community and supported by RSA Support.
https://community.rsa.com/community/products/rsa-ready


RSA Archer GRC Documentation


You can access the RSA Archer GRC documentation for Platform, Solutions, Applications, and
Content from the RSA Archer GRC Community on RSA Link.
https://community.rsa.com/community/products/ArcherGRC

Document: Description

Release Notes: Overview of the new and updated features in the release. A list of issues fixed in
the release and a list of issues known at the time of the release are also provided.
Available in PDF format.

Migration Guide: Overview of the differences between RSA Archer GRC version 5.x and version
6.0. The differences that an administrator will encounter and a user will encounter
are discussed. Suggestions on planning for moving your users to 6.0 are included.
Available in PDF format.

Installation and Upgrade Guide: Instructions for installing RSA Archer GRC 6.0, and upgrading
from 5.x to version 6.0. Available in PDF format.

Online Documentation: All of the information for using RSA Archer GRC Platform and the
Operational Risk Management solution. A new holistic approach to the documentation
provides both Platform and solutions content in one searchable online system.
Available from within the product using context-sensitive links, as well as in a Zip
format for local installation.

Archer Control Panel (ACP) Online Help: Information for managing the internal settings of the
Platform, such as license keys, global paths and settings. Available from within the ACP module.

Web Services API Reference Help: List of the available web services for programmatically
interfacing with RSA Archer GRC, in a searchable online system. Available in a Zip format for
local installation.

REST API Reference Help: List of the available resources for programmatically interfacing with
the product through RESTful API calls to RSA Archer GRC, in a searchable online system.
Provides formatting guidelines for field results, field inputs, and search inputs;
provides sample code for searching, adding and updating users, and updating
assets. Available in a Zip format for local installation.

Security and Configuration Guide: Overview of the security configuration settings available in
the RSA Archer GRC Platform and the security best practices for using those settings to help
ensure secure operation of the Platform. Available in PDF format.

RSA continues to assess and improve the documentation. Check the RSA Archer GRC Community
on RSA Link for the latest documentation.


Chapter 1: Setting Up and Maintaining the Platform


As an administrator, you may be responsible for setting up or maintaining any of the following
features.

Applications, questionnaires, and solutions


End users work with records. As an administrator, you are responsible for building (or maintaining)
applications or questionnaires, which contain the records, and for creating the fields and other
elements that define the structure of the records.

Note: If you are using any of the core GRC Solutions, you may be responsible for customizing the
out-of-the-box applications or questionnaires to meet your organization's requirements. For more
information on core GRC Solutions, see the GRC Solutions Overview topic in the RSA Archer GRC
Online Documentation.

Finally, you can group related applications and questionnaires into a solution.

Users and access control


Access control provides a framework for maintaining users, roles, and security parameters, and for
assigning access rights at the system, application, record, and field levels.
- User accounts allow users to log on to RSA Archer GRC.

- User groups provide a means of grouping users based on organizational structure or geographic
locations.

- Access roles are collections of application-level and page-level rights that an administrator can
create and assign to any number of users and groups to control user privileges (create, read,
update, and delete).

- Security parameters are rules for controlling user access to RSA Archer GRC and its individual
pages.

- LDAP Configuration streamlines the administration of users and groups by allowing updates and
changes that were made in the LDAP server to be automatically reflected in RSA Archer GRC.

Communication tools
The Platform offers multiple tools for communication with and between your end users and for
ensuring that your users have access to the right information in the system.


- Notifications alert users to specific conditions within records, particularly when it is something
that requires their attention or action (for example, a record is ready to be reviewed).

- The Discussion Forums feature enables you to create structured environments where users can
exchange information on various topics.

- The Training and Awareness feature enables you to construct and deliver training and awareness
communications to specified users and groups.

- Mail merge functionality allows you to export data into a Microsoft Word document.

Data integration
You can use RSA Archer GRC as a point of consolidation for enterprise data of any type for
supporting analysis and process management. RSA Archer GRC is vendor neutral, content
independent, and provides three integration methods for consolidating data from disparate enterprise
systems for governance, risk, and compliance management.
- Data imports allow you to import data into an application or sub-form from an external data file
on a one-time basis.

- Data feeds allow you to build dynamic integrations with external enterprise systems and files that
can run automatically on an ongoing schedule.

- The RSA Archer Web Services API also offers you a programmatic interface for automating the
exchange of information between RSA Archer GRC and an external application.

- Finally, data publications allow you to extract data from your RSA Archer GRC system and load it
into external systems for data analysis and modeling.

Data packaging
Packaging allows you to copy applications and other objects from one RSA Archer GRC instance to
another, for the purposes of transferring large changes from development to test to production
instances or receiving and installing updates to RSA Archer GRC Solutions.

Reporting
Any search against an application or questionnaire that you want to save and reuse at a later time
can be saved as a report. RSA Archer GRC offers pre-built system reports and allows you to create
your own custom reports.


Workspaces, dashboards, and iViews


Workspaces, dashboards, and iViews are the visual tools that provide users quick access to records
and information related to their job function. You can create dashboards and iViews to display
reports, links, embedded web pages, RSS feeds, and other custom content. You can display these
iViews and dashboards to end users through workspaces, which are pages of related content.

Customizing the system

- You can match RSA Archer GRC to your brand by using the Appearance menu to customize
colors and logos across the user interface.

- Globalization features in RSA Archer GRC enable administrators and users to adapt the interface
and solutions to appear in languages and formats that meet the needs of different geographical and
cultural regions.


Chapter 2: Applications
Applications contain specific types of data records, such as incidents, controls, policies, or assets.
Through Application Builder, you can define the properties of applications, including the fields they
contain, their layout, their appearance in the Navigation Menu, and so on. You also can group
multiple applications into solutions, enabling end users to search against those applications with a
simple click of the mouse.
Each application has one or more owners who can modify its properties. When you access the
application list on the Manage Applications page, you can view all existing applications in RSA
Archer GRC, but you can only edit those for which you have been granted ownership rights. Owners
also have unrestricted access to records stored in the application.

Note: When you are viewing a record of an application of which you are the assigned owner or an
administrator, you can recalculate all calculated fields within the record.

Leveled applications
You can create multiple data levels within an application. By organizing fields into levels, you can
create master-detail record relationships within a single application. By linking records from one
level to records at the level above or below it, you can create powerful hierarchical applications.

Example: Leveled application

The Policies application in the Policy Management solution is an example of a leveled application. It
contains three levels of data: Policy, Area, and Section. Each record in the Area level is related
back to a record in the Policy level, and each record in the Section level is related back to a record
in the Area level, as shown in the associated diagram of the Policies application.

An application can have many levels, and each data level has its own distinct fields, as shown in the
following figure. As a best practice and to ensure optimal application performance, you should
create no more than four data levels in an application.


Using a leveled application makes the most sense when records in a child data level can relate to
one and only one parent-level record. In the Policies application example, you can see that record
“8.3.3 Password Expiration” in the Section data level can only relate back to record “8.3
Authentication” in the Area level. It would not make sense to relate record “8.3.3” in the Section
level to record “5.5 Project Management” in the Area level.
If you are considering a leveled application but foresee child-level records relating back to more
than one parent-level record, you might consider creating two applications instead and linking those
applications with a cross-reference field.

Building Applications
The following table describes the steps to build an application.

Step 1 (Required): Create the application and set behaviors
Create the application and set basic behaviors, such as the default language and whether users
receive updates when content is published or updated.

Step 2 (Required): Add the fields to the application
Create the fields that you need for collecting and managing data in the application.

Step 3 (Required): Define the application layout
Add fields to the layout and organize the fields in groups and sections.

Step 4 (Optional): Create data driven events
Create data driven events (DDEs) if you want to automate a variety of actions based on values or
dates within individual questionnaire records.

Step 5 (Optional): Designate the Navigation Menu items
Determine which fields display in the search results by default.

Step 6 (Optional): Define a specific workflow
If the application is part of a workflow or advanced workflow, you can specify the order in which
a user performs the tasks. You cannot enroll records in a workflow and an advanced workflow at
the same time. To determine which feature is best suited for your needs, see the Workflow topic
for either feature.

Step 7 (Optional): Set the execution order of calculated fields
If the application includes more than one calculated field, you can specify the order in which
each field is executed.

Step 8 (Required): Assign application owners and report administrators
Each application must include at least one application owner and report administrator. By
default, the user who adds the application is automatically given these roles. You can specify
additional users if needed for either role.

Adding Applications
Before adding an application, decide how the application will be used and how its content will be
managed. Consider the following questions:
- Should the application be placed in production immediately, or should it remain in development
until its structure has been formally approved?

- Is there any need to assign and track tasks associated with the application content records?

- Would the use of multiple data levels make information stored within the application easier to use
and organize?

- Should notification emails be used to alert users of new and updated records within the
application?

- Which users should be granted ownership rights to the application?

- Which users should be able to create global reports in the application to share with other
application users?

- Is there a need to change the default language for the application?

After you have made these decisions, you can frame the basic structure of an application, add the
appropriate fields, configure the application layout, designate the items that display in the Navigation
Menu, and create sub-forms, among many other application options.

Add an application

1. Go to the Manage Applications page.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

2. Click Add New.

3. In the Method field, do one of the following:

- To add a new application, click Create a new Application from scratch.

- To add an application from an existing application, click Copy from an existing Application
and select the application you want to copy.

4. Click OK.

5. Enter the name of the application.

6. In the Solutions field, click to assign the application to one or more solutions.

7. (Optional) In the Language field, select the default language for the application. By default, the
language is set to the language specified for the instance.

8. Click OK.

Adding Data Levels in Applications


A data level is a hierarchical grouping mechanism for a subset of fields within an application.

Add data levels to an application

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click


b. Under Application Builder, click Applications.

c. Select the application.

2. In the Structure field of the Options section, click Leveled (Outline).

3. In the Levels section, click Add New.

4. In the Files to Upload section, click Add New.

5. (Optional) Enter a name and description.

6. Click OK.

7. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Setting Behaviors of an Application


The behaviors of an application include:
- Whether task management for workflow is enabled.

- Whether users receive notifications when content is updated.

- Whether spell check is run automatically when a record is saved.

- Whether users with update rights can edit a record directly from the key field link of search
results.

- Whether the default language is that of the user locale and not of the instance.

Enable direct edit mode


The direct edit mode allows users to open a record for editing from a search results list. Users with
update rights can open an editable record instead of a view-only record when they click the key field
link for a record in a Search Results list.

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .


b. Under Application Builder, click Applications.

c. Select the application.

2. In the Options section, select the Direct to Edit checkbox.

3. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Enable or disable notifications


When notifications are enabled, end users are allowed to receive notifications when content in the
application is published or updated.

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Options section, do one of the following:

- To enable notifications, select the Notifications checkbox.

- To disable notifications, clear the Notifications checkbox.

3. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Enable or disable task management


If you are using Workflow or Advanced Workflow, you must enable task management. By enabling
an application with task management capabilities, users can easily track and manage open and
completed activities associated with specific content records.


When you enable task management capabilities for an application, a related records field is placed
on the application layout.

Components of the related records field include:

• Open Tasks/Activities. Lists all of the open Task Management records associated with the
content record.

• Activity History. Lists all of the closed Task Management records associated with the content
record.

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Options section, do one of the following:

• To enable task management, select the Task Management checkbox. If you want to rename
the default settings for the related record fields, do the following:

a. In the Task Field Name field, enter the name of the task, for example,
Open Tasks/Activities.

b. In the History Grid Label field, enter the name of the task, for example, Closed Tasks.

• To disable task management, clear the Task Management checkbox.

Note: If you disable task management, Task Management records are no longer viewable in
records of the associated application. However, all Task Management records are still stored
in the Task Management application. If task management is subsequently reactivated, all
existing Task Management records are displayed with their associated content records.

3. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Enable spell check


Use this option to automatically spell check a record each time it is saved in an application.


1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Options section, select the Spell Check checkbox.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Select a default format for search results


You can select a default format for search results generated from the Records link in the Navigation
Menu, and from the Search Records page.

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Options section, in the Search Results field, select one of the following formats.

Column - Hierarchical. Displays the search results in a columnar layout where fields are displayed
across the page from left to right, and the values in the search results fields are presented
showing relationships.

Column - Flat. Displays the search results in a simple columnar layout without any grouping of
values.

Row. Displays the search results in a row layout with fields stacked vertically and records
separated by horizontal lines.

Summary. Displays the search results in a simple block record format with the key field as the
heading for each record. Fields in the search display as values only in a single paragraph with
each value separated by a diamond symbol.

3. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Change the default language

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Options section, in the Language field, click Change.

3. From the Language list, select a default language for the application.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Fields to an Application


When you create a new application from scratch, three system fields are added by default: a First
Published Date field, a Last Published Date field, and a Tracking ID field. When you create a new
application by copying another application, all of the fields from the original application are copied
over. In both cases, create as many other fields as you need.
See the Fields section for more information and detailed steps.


Defining the Layout of an Application


From the Layout tab in an application, you can control the layout of fields within the application, and
you can add tabs, sections, supporting text and custom controls to create an intuitive interface for
users as they add and edit records in the application. This tab also provides a drag-and-drop control
for organizing page elements in multiple columns, which enables you to make effective use of larger
monitors and greater screen resolution.
See the Layouts section for more information and steps.

Creating Data Driven Events in an Application


By creating data driven events (DDEs) within an application, you can automate a variety of actions
based on values or conditions within individual application records. For example, you can apply a
conditional layout, generate a notification, or set a date.
See the Data Driven Events section for more information and detailed steps for creating DDEs.

Designating Navigation Menu Items


You can select which menu items display for an application in the Navigation Menu. In addition to
configuring the display of menu items in the Navigation Menu, you can define default search settings
for searches executed in the application from the Navigation Menu. These searches include the
fields that are displayed, and the sort order of those fields.

Menu item types

Default. By default, the following items display in the Navigation Menu:

• Search Records

• New Record

• Records

• Data Import

• Reports

If you do not want a default item to appear in the Navigation Menu, clear the checkbox
for that item.

field name. Certain field types are labeled as By field name menu items and enable you to search
for records that include that specific field value. The following field types enable quick
filtering from the Navigation Menu:

• Cross-Reference

• Matrix

• Record Permissions

• Record Status

• User/Groups List

• Values List

data level. For leveled applications, the menu items are labeled By data level and enable you to
select records that reside within a specific data level.

Designate menu items for the Navigation Menu

1. Go to the Navigation Menu tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Navigation Menu tab.

2. In the Show Item column, do one of the following:

• To show a menu item, click the checkbox for that item.

• To hide a menu item, clear the checkbox for that item.

3. (Optional) To edit additional properties of a menu item, do the following:

a. In the Menu Item column, click the item name.

b. Set any of the following options as applicable.

Visibility. Displays the item in the Navigation Menu.

Display Alias. Specifies the text that appears in the Navigation Menu for the item that you
selected to display. If you selected to display the item in the Visibility field, you must
provide the Display Alias.

Default Expansion. Expands the item node in the Navigation Menu by default. This field becomes
available when the Visibility field is enabled.

Fields to Display. Specifies the fields that display in the search results when a user clicks one
of these items to execute a search. The fields you select are listed under Records and By field
or By data level menu items.
Use below the Selected list to arrange the fields in the display order.
Use to remove a field from the search results for a menu item.

Sorting. Specifies the list order of the fields displayed in search results, which is executed
when a user clicks the menu item.
Use the Field drop-down menu to specify whether the search results are initially sorted in
ascending or descending order. You can add new fields to sort by.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Defining a Workflow for Applications


You can define a workflow or advanced workflow for an application.
Workflow and Advanced Workflow are separate features available in RSA Archer GRC. RSA
strongly advises against simultaneously enrolling records in both features. Enrolling records in both
Workflow and Advanced Workflow at the same time adversely affects record layouts and creates
confusion when identifying when a record has successfully progressed through a workflow.
The following table contains information to help you determine which feature suits your needs best.

Workflow. Use if you want to do the following:

• Create a linear content review process within applications, leveled applications, or
questionnaires.

• Send notifications only after content is updated and saved by a user.

• Enable only user-initiated enrollment options.

Advanced Workflow. Use if you want to do the following:

• Create complex non-linear workflow processes within applications, leveled applications, or
questionnaires.

• Send notifications to multiple users on-demand.

• Enable automatic enrollment for new records, updated records, or user initiated options.

• Visually depict the end-to-end advanced workflow process at the administrator level.

• Designate a specific name for each node to easily identify the intent of each stage in your
workflow process.

• Create tasks that are linked to the task-driven landing screen of specified users.

See one of the following:

• For more information about advanced workflow and detailed steps for using it, see the
Advanced Workflow section.

• For more information about workflow and detailed steps for using it, see the Workflow
section.

Setting the Execution Order for Multiple Calculated Fields


If you are working with an application that contains multiple calculated fields and the formula for
one calculated field is dependent on the result of another calculated field, you must specify the order
in which you want to compute the calculated fields.

Note: When you add a new calculated field to an application, it displays at the bottom of the list in
the Field Calculation Order listing.


Set the execution order for multiple calculated fields

1. Go to the Calculations tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Calculations tab.

2. Go to the Field Calculation Order section.

3. Drag and drop each field name into the Formula section until all the fields are in the calculation
order you want.

4. Click Save.
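Before reordering the Field Calculation Order list by hand, it helps to check the current order against the formulas. The following is an added example, not code from RSA Archer GRC: it assumes formulas reference other fields as [Field Name], and the field names, formulas and starting order are constructed.

```python
import re

# Assumption: a formula references another field as [Field Name].
FIELD_REF = re.compile(r"\[([^\[\]]+)\]")


def dependencies(formulas):
    """Map each calculated field to the other calculated fields its formula reads."""
    calculated = set(formulas)
    return {
        name: {ref for ref in FIELD_REF.findall(text)
               if ref in calculated and ref != name}
        for name, text in formulas.items()
    }


def order_violations(order, formulas):
    """Return (field, dependency) pairs where the dependency is computed after the field."""
    deps = dependencies(formulas)
    position = {name: i for i, name in enumerate(order)}
    last = len(order)  # a dependency missing from the list counts as "too late"
    return [
        (name, dep)
        for name in order
        for dep in sorted(deps.get(name, ()))
        if position.get(dep, last) > position[name]
    ]


def suggested_order(current_order, formulas):
    """Return a valid calculation order that moves fields as little as possible.

    Kahn's algorithm: repeatedly take the field whose dependencies are all
    computed, preferring the one that is highest in the current list.
    """
    position = {name: i for i, name in enumerate(current_order)}
    remaining = {name: set(d) for name, d in dependencies(formulas).items()}
    result = []
    while remaining:
        ready = [name for name, d in remaining.items() if not d]
        if not ready:
            # No order can satisfy a circular reference; the formulas must change.
            raise ValueError("circular reference among: " + ", ".join(sorted(remaining)))
        nxt = min(ready, key=lambda n: position.get(n, len(position)))
        result.append(nxt)
        del remaining[nxt]
        for d in remaining.values():
            d.discard(nxt)
    return result


# Constructed sample: calculated fields and their formulas. Likelihood,
# Financial Impact and Reputation Impact are ordinary (non-calculated) fields.
FORMULAS = {
    "Risk Rating": "[Risk Score] / 5",
    "Risk Score": "[Likelihood] * [Impact Total]",
    "Impact Total": "[Financial Impact] + [Reputation Impact]",
    "Days Open": "[Last Published Date] - [First Published Date]",
}

# Constructed starting order: each new calculated field was added at the
# bottom of the list, so dependencies ended up below the fields that use them.
CURRENT_ORDER = ["Risk Rating", "Risk Score", "Impact Total", "Days Open"]

if __name__ == "__main__":
    for field, dep in order_violations(CURRENT_ORDER, FORMULAS):
        print(f"{field!r} is calculated before {dep!r}, which it depends on")
    print("Suggested order:", suggested_order(CURRENT_ORDER, FORMULAS))
```

A field listed before a field it depends on is calculated from a value that has not yet been refreshed, which is why every pair the check reports needs to be resolved in the list.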

Assigning Application and Owners and Report Administrators


Application and owners have unrestricted access to all record content in their applications or ,
including sub-form content. If you are an owner for one or more applications or , you can open those
applications and for editing from the Manage Applications and page. When you access this page,
you see all of the applications and that administrators in your organization have created, but you can
only edit those applications and for which you have ownership rights. If no users have been assigned
ownership, only users who have been granted the System Administrator access role can open the
applications and for editing.

Application and owners


You can select the users who will serve as owners of an application or .

Note: If you want to edit notifications associated with an application, an administrator must assign
you an access role that gives you access to the Manage Subscription Notifications page.

• Owners have full editing rights over their designated applications and , which means they can
fully customize its properties. This includes adding and arranging fields in the application or ,
enabling notifications, configuring data driven events, and others.

• Ownership is automatically granted to the user who creates it. However, your rights can be
revoked by any other user who is subsequently granted ownership of the application or .

As an application or owner, you can:

• Create new records in the application or and its sub-forms.

• View all records and field content in the application or and its sub-forms, regardless of
record-level or field-level permissions.

• Update all records in the application or and its sub-forms.

• Delete any existing records in the application or and its sub-forms.

• Create global reports for the application or as report administrators.

Report administrators
You can assign permissions to users and groups for creating and editing global reports in a specific
application or .
• Global reports can be shared with any user in the application or , but only users with access to the
application or for which the report was created can see the contents of the report.

• Users who do not have global report creation rights can only create personal reports, which
cannot be shared with other users.

Assign application or owners and report administrators

1. Go to the Administration tab of the application or that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or .

c. Select the application or .

d. Click the Administration tab.

2. In the Applications or Owners control group, click and do the following:

a. From the Available list, select the users or groups you want to specify as the application or
owners.

b. (Optional) Search for a specific user or group name.

3. In the Report Administrators control group, click and do the following:

a. From the Available list, select the users or groups you want to specify as the application or
owners.


b. (Optional) Search for a specific user or group name.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Revoke ownership or report administrators

1. Go to the Administration tab of the application or that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or .

c. Select the application or .

d. Click the Administration tab.

2. Do one of the following:

• To revoke ownership, click in the Applications or Owners field and click to the right of
the appropriate name in the Selected list.

• To revoke report administrators, click in the Report Administrators field and click to the
right of the appropriate name in the Selected list.

3. Click OK.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Assigning Applications to Solutions


You can assign an application to one or more solutions. Typically, solutions are assigned when you
create the application. Solutions are groups of related applications that work together to address a
particular business need. For example, you might have a Security Compliance solution that contains
the following applications: Audit Tracking, Audit Requests, and Contacts.


By selecting multiple solutions for a single application, you can reuse the same information for a
variety of purposes. For example, you could group a Contacts application into your Customer
Relationship Management and Project Management solutions so that both solutions can use contact
information from the same source.
You can also remove an application from a solution when you want.

Assign an application to a solution

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Solutions field of the General Information section, click .

3. From the Available list, select the solution that you want to hold your application.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Remove an application from a solution

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Solution(s) field on the General Information section, click .

3. In the Selected list, click to the right of the solution name.

4. Click OK.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Attaching Documentation to Applications


Complete this task to attach supporting documentation to an application, such as design
specifications, approval forms, or other documentation.
If you are using the Relationship Visualization feature and have created the visualization XML file,
attach this file to the application or questionnaire. For more information on the Relationship
Visualization feature, see the Configuring Relationship Visualization topic in the RSA Archer GRC
Online Documentation.

Attach documentation to an application

1. Go to the General tab of the application to which you want to attach a file.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Click the application.

2. In the Documentation section, click Add New.

3. Select the document file or files that you want to add to the application.

4. Click OK.

5. Click Save.

Changing the Application Status


The application status provides the means for creating an application for test purposes, archiving an
application so that data can no longer be entered, hiding an application when it is no longer used, and
for using an application to collect active data for your business.

Change the status of an application

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .


b. Under Application Builder, click Applications.

c. Select the application.

2. In the Status field, select the status for the application.

Application status options

An application status can be set to any one of the following options:

Production. Sets the application so that users can enter 'live' data for your business
environment. These applications can be referenced using cross-reference and cross-application
status tracking fields, and users can execute searches in these applications and save those
searches as named reports.

Development. Sets the application so that users can enter data without impacting live data. A
development application has all of the characteristics of a production application, but all
records in the application are displayed with a watermark. Development applications do not count
against your custom application licenses.

Archived. Sets the application so that content is read-only and users can continue to search and
display the application content. The Add, Edit, and Delete options are disabled, along with the
Data Import feature. End users can continue to select records in an archived application through
cross-reference fields in production applications. However, calculated fields and record
permissions are not recalculated in archived applications. Archived applications do not count
against your custom application licenses.

Retired. Sets the application so that it is hidden from users. Users cannot create or edit
records, and cannot execute searches or view reports that were saved in the application at a time
when it was in production.
If you retire an application that an administrator has referenced in another application
cross-reference or cross-application status tracking field, that field is also retired.
Application owners can continue to modify retired applications, assign access rights for retired
applications, and create notification templates for retired applications.

Important: After your organization reaches its application limit as specified by your license,
you cannot create additional production applications. You can, however, still create development
applications.

3. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Applications or Application Content


If you have delete permissions to the Manage Applications page, you can delete applications for
which you have ownership rights.

Important: When an application is deleted, all data within that application is permanently lost.

Delete an application

1. Go to the Manage Applications page.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

2. Select the row of the application that you want to delete.

3. Under the Actions column, click .

Delete all content from an application


You can only delete the content of retired applications.

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Click the application.

2. In the Status field, select Retired.

3. Click in the page toolbar to save your changes.

4. Click the Administration tab.

5. In the Delete Application Content field, click Delete Content.


6. In the Warning dialog box, select the checkbox indicating that you understand the implications of
performing this operation.

7. Click OK.


Chapter 3: Questionnaires
The Questionnaire feature is available only if your organization has licensed the Audit Management,
Risk Management, Vendor Management, or Compliance Management solution. Questionnaires can
be configured to run on mobile devices if RSA Archer GRC is licensed for mobile questionnaires.
The Questionnaire feature enables you to do the following:
• Automatically score questionnaire records and generate findings for each incorrect answer.

• Build and deliver targeted assessment campaigns for any type of organizational object, such as
your assets, business processes, or vendors.

• Build or import questions in the Question Library application for use in any questionnaire.
  ◦ Assign questions to categories and apply filter properties that you can later use to create
  question display rules.
  ◦ Assign correct answers, numeric answer values, and question weighting, and you can link
  Values List questions to authoritative sources and control standards to measure and report
  compliance.

• Build questionnaires by selecting questions from the Question Library for inclusion and assigning
the questionnaire to a target application, such as Applications or Facilities.

• Configure your application structure by preparing the target application and by configuring risk
register and metrics.

• Create a library of questions linked to authoritative sources and control standards.

• Define question display rules that dynamically show or hide questions to end users based on
attributes of the target they are assessing.

• Ensure that all necessary policies, control standards, and authoritative sources are available.

• Launch questionnaires online through assessment campaigns.

• Monitor and report on inherent and residual risk, and measure compliance.


Questionnaire terminology

Questionnaire. A questionnaire is structurally similar to an application but with unique qualities
that enable administrators to better create and support risk assessment processes.
A questionnaire is tied to a target application, such as Assets, Vendors, Business
Processes, and so on to facilitate the assessment of specific target objects.
Questionnaires include system-generated fields that calculate the progress, status,
and scoring of individual questionnaire records. These system fields also enable
administrators to assign submitters and reviewers for questionnaire records and to
specify due dates. You can add an unlimited number of questions to a
questionnaire based on the type of target the questionnaire is designed to assess.

Questionnaire Record. A collection of fields and questions linked to a specific target application
record. Questionnaire records are stored within questionnaires.

Question. A field type unique to questionnaires that serves as the functional component of an
assessment. The following question types are available: Attachment, Cross-Reference, Date,
Numeric, Text, and Values List.
Questions enable users to evaluate the specific item being assessed, such as an
asset, business process, vendor, facility, and so on. Each question has a
configurable set of properties that govern how the question is displayed in the
questionnaire and how (or whether) the user is to interact with it. In addition to the
properties associated with standard fields, questions can be filtered through
specific question display rules, linked to authoritative sources, included in
assessment scoring, and utilized in automated findings generation.
You can create questions with predefined answers that users can select from, or
you can allow users to enter free-form text, dates, or numeric entries. You can
also allow users to attach documents, pictures, diagrams, and other types of files
to a questionnaire to provide supporting information or evidence.

Target. The application that contains a specific set of items, such as servers, vendors, or
business processes. For example, a Data Security questionnaire might have the
Devices application as its target. The questionnaire records within the Data
Security questionnaire would pertain to individual records in the Devices
application, such as a specific database server.


Campaign. Automates creating questionnaire records for assessment targets based on the
properties of target records. For example, if the target of the questionnaire is a
Devices application, the campaign can auto-create questionnaire records for all
devices in a production environment. Campaigns may be configured to populate
questionnaire records with the year, quarter, and due date of the assessment, along
with the assigned submitter and reviewer. Recurring campaigns can be launched,
and multiple campaigns may be created for each questionnaire.

Findings. Documents incorrect answers to questions in a questionnaire. Findings are
managed through the Findings application and can be automatically generated
when findings rule criteria are satisfied. Users can also create findings manually.
Using the Findings application, administrators can document, categorize, and
remediate issues of non-compliance. Findings are not a required component of the
assessment process, but by enabling findings, administrators can gain valuable
insight into areas of non-compliance within their organization.

Question Category. A unique grouping of questions enabling you to organize and filter results,
such as Access Control, Business Continuity, and Risk Management. If you enable
Findings for a questionnaire that you are managing, RSA Archer GRC
automatically creates Findings records for questions that are answered incorrectly,
and each finding includes the associated question category, enabling you to search
and sort findings by category.
A key use of question categories is for creating question display rules. You can
define rules to show or hide questions when end users fill out a questionnaire
based on attributes of the target they are assessing. For example, you have defined
a question display rule for a questionnaire that assesses targets in your Assets
application. The question display rule specifies that if an asset contains
confidential customer data, the questionnaire should display all questions in the
Access Control category. When an asset manager in your organization fills out the
questionnaire to assess the security of a server that houses confidential customer
data, the asset manager will be prompted to answer the Access Control questions
you have selected for display.

Question Display Rule. Show or hide questions in a questionnaire based on attributes of the
assessment target. Using display rules, a single questionnaire can be used to assess all targets
of one type (such as all servers) even though those targets vary in their individual
attributes.

Question Weighting. A numeric attribute that can be assigned to any Values List question. The
question weight is used to generate the question score.


Question Score. A calculated value determined for each Values List question. The value is
determined by the following formula:
[question weight] * [numeric value assigned to selected answer] = question score
or (for multi-select Values List questions):
[question weight] * SUM ([numeric value assigned to selected answer1], [numeric value assigned to selected answer2]) = question score
Question scores are rolled up to determine a questionnaire score.

Inherent Score. The sum of all question scores for a questionnaire record. This score represents
the natural risk associated with the target in absence of any remediation activities
or changes in the environment.

Residual Score. The risk that remains in a target after findings are remediated. This score is
calculated as Inherent Risk – Remediation Changes = Residual Risk. While
inherent risk is calculated only once, residual risk changes over time as findings
are remediated. The residual score is displayed in the Quantitative Summary in a
questionnaire record, enabling end-users to monitor changes to the score over
time.

Tasks. Action items that have been assigned to a user relating to a finding. All tasks are
created and managed through the Task Management application, which can be
used to document the remediation activities associated with items identified in the
Findings application.
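The Question Score, Inherent Score and Residual Score definitions above, worked through on one questionnaire record as an added example (not code from RSA Archer GRC). The questions, weights, answer values and remediation change are constructed, and treating a selection that differs from the assigned correct answer as a finding is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ValuesListQuestion:
    name: str
    category: str
    weight: float
    answer_values: dict                   # answer text -> numeric value assigned to it
    correct: Optional[frozenset] = None   # None: no correct answer assigned

    def score(self, selected):
        """[question weight] * SUM([numeric values assigned to the selected answers])."""
        unknown = set(selected) - set(self.answer_values)
        if unknown:
            raise ValueError(f"{self.name}: not in the values list: {sorted(unknown)}")
        return self.weight * sum(self.answer_values[a] for a in selected)


def score_record(questions, responses):
    """Score one questionnaire record.

    responses maps question name -> list of selected answers (one item for a
    single-select question, several for a multi-select question).
    Assumption: unanswered questions are reported separately and not scored.
    """
    scores, findings, unanswered = {}, [], []
    for q in questions:
        selected = responses.get(q.name)
        if not selected:
            unanswered.append(q.name)
            continue
        scores[q.name] = q.score(selected)
        # Assumption: any selection other than the assigned correct answer
        # is an incorrect answer and produces a finding.
        if q.correct is not None and frozenset(selected) != q.correct:
            findings.append({"question": q.name, "category": q.category,
                             "selected": sorted(selected)})
    return {
        "question_scores": scores,
        "inherent_score": sum(scores.values()),   # sum of all question scores
        "findings": findings,
        "unanswered": unanswered,
    }


def residual_scores(inherent_score, remediation_changes):
    """Inherent Risk - Remediation Changes = Residual Risk, after each remediation."""
    residuals, remaining = [], inherent_score
    for change in remediation_changes:
        remaining -= change
        residuals.append(remaining)
    return residuals


# Constructed sample questionnaire; higher numeric values mean more risk here.
QUESTIONS = [
    ValuesListQuestion("MFA for admin access", "Access Control", 3,
                       {"Yes": 0, "No": 5}, frozenset({"Yes"})),
    ValuesListQuestion("Data types stored", "Risk Management", 2,
                       {"Public": 0, "Internal": 1, "Confidential": 3}),
    ValuesListQuestion("Backups restore-tested", "Business Continuity", 1,
                       {"Yes": 0, "No": 4}, frozenset({"Yes"})),
]

# Constructed responses for one target record.
RESPONSES = {
    "MFA for admin access": ["No"],                       # 3 * 5 = 15, incorrect
    "Data types stored": ["Internal", "Confidential"],    # 2 * (1 + 3) = 8
    "Backups restore-tested": ["Yes"],                    # 1 * 0 = 0
}

if __name__ == "__main__":
    record = score_record(QUESTIONS, RESPONSES)
    print("Question scores:", record["question_scores"])
    print("Inherent score:", record["inherent_score"])
    print("Findings:", record["findings"])
    # Constructed remediation change of 15 once the MFA finding is closed.
    print("Residual score over time:", residual_scores(record["inherent_score"], [15]))
```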


Question types

Attachment. Enables users to upload documents, pictures, diagrams, and other types of files to a
questionnaire record to provide supporting information or evidence. When
configuring an Attachment question, you can specify the total number of files that
can be uploaded (attached), as well as the size (between 1 and 100 MB) permitted
for each file. You can also enable end users to keyword search into attached
documents. The following file types are supported for document searching:

• Microsoft Word

• Microsoft Excel

• PDF

• Text

Cross-Reference. Enables users to associate records from other applications or questionnaires with
a questionnaire record.
When you create a Cross-Reference question, a Related Records field is
automatically added to the related application or questionnaire. Within an individual
record in the related application or questionnaire, you can see all records that have
been cross-referenced to that record.

Date. Accepts only a valid date entry and is displayed to users with a calendar icon. Users
can either enter dates directly or click to select a date from the Date Range
dialog box. You can also enable users to enter a time of day to associate with the
date.
The Date question type also supports a default date value. The default date value is
set when a questionnaire record is created. When configuring the default value, you
can select to display the date of questionnaire record creation, a date that is a
specific number of days after the date of record creation, or a static, specific date.
You also can select to display no default value.


Numeric | Accepts both positive and negative values and, by default, accepts values of any size. However, when configuring a Numeric question, you can choose to apply minimum and maximum value constraints. You can also specify the number of decimal places permitted for the value.
The Numeric question type also supports the following specialized options:
• Numeric Ranging - If you enable this option, you can define a set of numeric ranges and apply a descriptive name to each range. For example, a range named "High" might be mapped to the numeric range "8 - 10." The range name you define for the question is then displayed in the Filter by Value section of the Search Records page for the questionnaire. This allows users to search across a range of values for your Numeric question by selecting the range name as part of their filter criteria.
• Format - By selecting this option, commas are used to separate units of numbers. For example, if you enter the value "10000" in the Edit mode of the record, the value would be displayed as "10,000" in the View mode of the record.
• Prefixes and Suffixes - By selecting one or both of these options, you can insert text (up to 10 characters, including special characters) before or after the value in a Numeric question to provide context for end users. For example, you can enter a dollar sign as a prefix or a distance unit as suffix.

Text | Accepts both alphabetic and numeric entries. It can be displayed to users in a single-line or a multi-line (scrolling) text area. If the question is configured as a text area, you can specify the height (in lines) for the control.
By default, entries in this question type are not restricted. However, when configuring this question type, you can choose to set a maximum character length for entries. In addition, you can restrict users from entering a value in the Text question that is identical to a value entered in another record within the questionnaire, thereby ensuring that all values in the Text question are unique.


Values List | Provides users with a list of predetermined values from which to choose. This field type can be expressed using one of several interface control types:
• Drop-down
• Radio buttons
• Checkboxes
• List box
• Values pop-up
You can also add a numeric weight to a question and assign a numeric value to the individual selections available within the question. These numbers are used to compute the score for a questionnaire.
You can populate a Values List question with either a custom or a questionnaire values list. If you use a custom answer list, you must define the answers for the question. Custom answer lists cannot be reused to populate any other Values List question.

Note: You can create questionnaire values lists that you can reuse for any Values List question within the questionnaire.


Assessment Process
The following phases provide a general overview for building and delivering an online questionnaire
to assess risk within your organization.

Assessment Phase | User | Details

Creating and Configuring Questions | Questionnaire Owner/Admin | Create new questions or import your existing questions through the Question Library application. When configuring your questions, do the following:
• Select the appropriate question type to ensure the correct data is collected.
• Determine the weighting of individual questions.
• Include the appropriate answer selections and determine the correct answer to the question.

Building Your Questionnaire | Questionnaire Owner/Admin | Build your questionnaire according to requirements outlined by your organization by doing the following:
• Create your questionnaire and select the application that contains the targets that you want to assess, such as applications, facilities, or vendors.
• Copy your questions from the Question Library and edit them as needed.
• Define rules to determine the questions that are displayed based upon the properties of the specific target.
• Enable the automatic generation of Findings records for incorrectly answered questions.
• Create an assessment campaign to launch the questionnaire to the appropriate end users.
Important: Configure the questionnaire completely before releasing it to users. If you change a questionnaire during an assessment cycle, you may lose data that has already been gathered by the questionnaire.


Assessing Your Target | End-users | Users complete their assigned assessments through the RSA Archer GRC web-based interface. While assessing a target, the end user can include question-specific comments to support their answers, attach supporting evidence, and delegate additional users to an assessment as needed.

Evaluating Findings | End-users | When users complete their assigned questionnaire records, they can view reports to determine the risk associated with specific targets. With the Findings feature enabled, RSA Archer GRC automatically generates Findings records for each incorrectly answered question to identify areas of noncompliance.

Resolving Issues of Non-Compliance | End-users | To help resolve issues of non-compliance, the Exception Requests and Remediation Plans applications are tied to Findings. In addition, as findings are discovered, you can assign, track, and manage open and completed activities associated with specific findings through the Task Management application.

Populating the Question Library


The Question Library is an application in RSA Archer GRC that stores assessment questions that
you can reference and copy into a questionnaire. Each question is stored as an individual record, and
each record contains information including the question and answer text as well as information
necessary to display and score the question. Depending on the solution that you have licensed, the
Question Library contains a large set of pre-built questions by default. In addition, you can add new
questions and store them in the Question Library.
When you create a questionnaire, you can copy any number of questions from the Question Library
to the questionnaire. Once copied, you can modify and configure that question as needed, without
affecting the original question record stored in the Question Library.
You can use the Question Library application to build a consistent, centralized library of questions
for any type of assessment. For each question in the library, you can assign correct answers,
numeric score values, weighting, and other attributes. These settings enable you to dynamically filter
the questions that are presented in specific assessments. Additionally, you can easily link questions
to authoritative sources, control standards, and corporate policies to measure and report compliance.
If your organization uses the Policy Management solution as the foundation to an enterprise risk and
compliance management program, you can link individual questions directly to relevant internal
controls and authoritative sources. While this linkage is not required, it enables you to measure
compliance with controls and regulations for any type of target, such as a vendor, business process,
or facility.


You can update the question text that is displayed to end users when they fill out a questionnaire or
view the results of a completed questionnaire. For example, you could change the question "Is all
data stored on this server encrypted?" to "Is all confidential data stored on this server encrypted?"
If you are working with a Values List question, the Question tab also provides a control for applying
a numeric weight to the question. (You cannot assign a weight to other question types, including
Text, Numeric, Date, Attachment, and Cross-Reference.) When a user completes a questionnaire,
the question weight is multiplied by the numeric value of the selected answer to produce a question
score.
Use the following tasks:
• Adding Questions to the Question Library
• Importing Questions into the Question Library

Adding Questions to the Question Library


Each record in the Question Library application represents a single question. Once saved in the
library, this question can be copied and used within a questionnaire as long as it has an active status.
You also can import multiple questions at the same time.

Add a question to the question library

1. Add a new record to the Question Library application.

a. From the menu bar, click workspace.

b. Select the solution you want.

c. Click Question Library.

d. Click New Record.

2. In the Status field, select Active.

3. In the Question Name field, enter a name for the question.


This name labels and identifies the question. It also is the key field for the Question Library
record.

4. From the Category list, select a category.


The category determines the section in which the question is displayed. It also determines
whether a question is displayed to a user when there are Question Display Rules in the
questionnaire. If your user account has edit privileges, you can click Edit and add additional
categories to the list.


5. In the Question Text field, enter the text for the question that is displayed to the user.

6. From the Question Type list, select a question type.


You cannot change this value after you save the question.

7. In the Display Format field, select how the question is displayed.

8. Depending on the question type that you selected, configure the applicable sections.

Attachment questions
Complete the fields in the Attachment Question Type section.

Field | Action

Maximum File Size | Specify the maximum file size of the attachments.

Maximum Number of Attachments | Specify the maximum number of attachments that can be uploaded for the question.

Date questions
In the Time Information field in the Date Question Type section, specify whether to include
time information in the answer.

Numeric questions
Complete the fields in the Numeric Question Type section.

Field | Action

Minimum Value | Specify the minimum numeric value that can be entered for the answer.

Maximum Value | Specify the maximum numeric value that can be entered for the answer.

Decimal Places | Specify the number of decimal places that can be entered for the answer.

Numeric Format | Specify whether the answer includes commas to separate units of numbers, for example, 1,000,000.

Text questions
In the Text Field Height field in the Text Question Type section, specify the height of the text
field displayed to the user.


Values List questions

a. Complete the fields in the Values List Question Type section.

Field | Action

Display Type | Specify how you want users to select answers for the question. Options include Drop-down lists, Radio buttons, Checkboxes, Listbox, and Values Popup.

Display Order | Specify the display order for the answer values associated with this question. If you select Custom, the Question Library record references the value contained in the Order field in the Answer Values section.

Question Weight | Specify the weight of the question for scoring purposes. Enter a numeric value.

Column Layout | Specify the number of columns to use for the layout of a Values List question that uses radio buttons or checkboxes. Select a value from between 1 and 6.

Minimum Selection | Specify the minimum number of answer values that can be selected for the question.

Maximum Selection | Specify the maximum number of answer values that can be selected for the question. This field is set to 1 for drop-down list and radio button questions.

Authoritative Sources | Specify the content records linked to the question that provide support or background information for your question. The applications available for selection in this list are determined in the Manage References field.

Manage References | Enables you to add applications for selection in the Authoritative Sources field.

Control Standards | Specify the content records linked to the question that are identified as Control Standards. The records available for selection are determined by the records available within your Control Standards application. This option is not available if you have not licensed the Policy Management solution.

b. Complete the fields in the Answer Inheritance Type section.


Field | Action

Inherit Answers From Another Question | Enables you to reference the answer values for another question.

Related Question(s) | If you select to inherit answers, use this field to select the specific record from which to inherit answers.

Answer Values | If you select not to inherit answers, use this field to add answer values. See step 17.

c. Add answer values, as follows:

i. In the Answer Inheritance Type section, in the Answer Values sub-form field, click
Add New.

Note: If you selected to inherit answers from another question, you can edit those
answers using the Answer Values sub-form. Changes to the answers do not affect the
Question Library record from which you are inheriting answers.

ii. In the Order field, select the display order for the answer value.

iii. In the Answer field, enter the text of the answer.

iv. In the Description field, enter the logic and reasoning behind the answer.

v. From the Correct list, select whether to designate the answer as correct. You can
designate one or more answers to be correct.

vi. Select whether to set the answer as the default selection for the question. Only one
answer can be the default.

vii. From the Other list, select whether users can enter an explanation for the answer.
Only one answer can be designated as Other.

viii. If you selected Yes in the Other list, from the Other Height list, select the display
height for the text box that will display next to the answer value.

ix. If you selected Yes in the Other field, in the Other Text field, enter the default text
that you want displayed in the text box. For example, enter, "Please explain your
selection."

x. Select the numeric value to associate with this answer.


Using the Calculations feature, you can reference these numeric values in calculated
fields for custom questionnaire scoring.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Importing Questions into the Question Library


If you have a large number of questions to add to the Question Library, you can use the Data Import
feature instead of manually entering each question individually. The Data Import feature includes a
set of configuration options to import data from a file to the appropriate fields and records in the
Question Library.

Step 1: Prepare for data import


To ensure that the data is correctly and efficiently copied into the application, examine both your
external data file and the Question Library application before importing questions into the Question
Library. Taking a few minutes to plan a successful data import reduces the amount of time spent
resolving import errors.
Consider the following points as you examine your import file and the Question Library application
into which you are importing data:
• Your file must be a delimited-values data file. The Data Import Wizard requires you to specify
the primary and secondary delimiters used in your data file. Know these characters before you
begin the data import.

• Many fields in the Question Library application are required. These fields, including their values,
must be present in your data import file for a successful data import. In addition, only certain
types of values are accepted in the Question Library fields. Base the structure of your import file
on the fields described in Add a Question to the Question Library.

• The import process copies data from the import file into the Question Library; it does not create
any new fields. The data within your import file must map to an existing field within the Question
Library application.

• Mapping fields from your data file to fields in the application is much easier if the corresponding
fields have the same name. The application automatically maps import fields to application fields
when they have the same name, which can save time in manually mapping fields.


• If your data import includes Values List questions, you must perform two separate operations.
First, import data into the Question Library records. Second, import the associated Answer
Values sub-form on a subsequent data import. You cannot import the Answer Values information
at the same time as the initial data import.

Important: Your import data file for the Answer Values sub-form must contain the unique identifier
from the parent Question Library record. For example, if you are importing answer values for the
question, "Does this application contain customer data?" you need to include the unique identifier for
this question. This practice ensures that your answer values are associated with the correct question.
You can use values from either the Question ID or the Question Name field as unique identifiers for
a Question Library record.

Step 2: Import questions into the Question Library

1. Examine both your external data file and the Question Library application.

2. To import the data file that contains the questions, run the Data Import Wizard.

3. If your data import includes Values List questions, you need to import the associated Answer
Values sub-form on a subsequent data import.

Note: You cannot import the Answer Values information at the same time as the initial data
import.
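
A pre-import check for the two-pass procedure described in Steps 1 and 2, added here as an illustration (it is not RSA code and not part of the Data Import Wizard). The column names, the pipe delimiter, and the sample rows are assumptions modelled on the field labels in this guide; the check confirms that required values are present, that Question Name is unique, and that every Answer Values row points at a Values List question from the first file.

```python
import csv
import io

# Column names are assumptions modelled on the field labels in this guide;
# match them to the headers of your own import files before use.
QUESTION_REQUIRED = ("Question Name", "Status", "Category", "Question Text", "Question Type")
ANSWER_REQUIRED = ("Question Name", "Answer", "Correct", "Numeric Value")
QUESTION_TYPES = {"Attachment", "Cross-Reference", "Date", "Numeric", "Text", "Values List"}


def _rows(text, delimiter, required):
    """Parse delimited text; return (rows, errors), reporting missing columns."""
    reader = csv.DictReader(io.StringIO(text), delimiter=delimiter)
    missing = [c for c in required if c not in (reader.fieldnames or [])]
    if missing:
        return [], ["missing column(s): " + ", ".join(missing)]
    return list(reader), []


def check_questions(text, delimiter=","):
    """First import: validate question rows. Returns (errors, values_list_names)."""
    rows, errors = _rows(text, delimiter, QUESTION_REQUIRED)
    seen, values_list = set(), set()
    for n, row in enumerate(rows, start=2):  # line 1 is the header
        for col in QUESTION_REQUIRED:
            if not (row[col] or "").strip():
                errors.append(f"questions line {n}: required field '{col}' is empty")
        name = (row["Question Name"] or "").strip()
        if name and name in seen:  # Question Name is the key field
            errors.append(f"questions line {n}: duplicate Question Name '{name}'")
        seen.add(name)
        qtype = (row["Question Type"] or "").strip()
        if qtype and qtype not in QUESTION_TYPES:
            errors.append(f"questions line {n}: unknown Question Type '{qtype}'")
        if qtype == "Values List" and name:
            values_list.add(name)
            weight = (row.get("Question Weight") or "").strip()
            try:
                float(weight or "0")
            except ValueError:
                errors.append(f"questions line {n}: Question Weight is not numeric")
    return errors, values_list


def check_answers(text, values_list_names, delimiter=","):
    """Second import: validate Answer Values rows against their parent questions."""
    rows, errors = _rows(text, delimiter, ANSWER_REQUIRED)
    defaults, others = {}, {}
    for n, row in enumerate(rows, start=2):
        parent = (row["Question Name"] or "").strip()
        if parent not in values_list_names:
            errors.append(f"answers line {n}: no Values List question named '{parent}'")
        try:
            float(row["Numeric Value"] or "")
        except ValueError:
            errors.append(f"answers line {n}: Numeric Value is not a number")
        # Only one answer per question can be the default, and only one can be Other.
        for col, counter in (("Default", defaults), ("Other", others)):
            if (row.get(col) or "").strip().lower() == "yes":
                counter[parent] = counter.get(parent, 0) + 1
                if counter[parent] == 2:
                    errors.append(f"answers line {n}: more than one '{col}' answer for '{parent}'")
    return errors


# Constructed sample files (not real Archer exports), pipe-delimited.
QUESTIONS = """Question Name|Status|Category|Question Text|Question Type|Question Weight
Q-001|Active|Data Protection|Does this application contain customer data?|Values List|5
Q-002|Active|Data Protection|Is all confidential data stored on this server encrypted?|Values List|3
Q-003|Active|Evidence|Attach the latest scan report.|Attachment|
Q-002|Active|Evidence|Duplicate key on purpose.|Text|
"""

ANSWERS = """Question Name|Answer|Correct|Default|Other|Numeric Value
Q-001|Yes|No|Yes|No|10
Q-001|No|Yes|Yes|No|0
Q-003|N/A|Yes|No|No|0
Q-009|Yes|Yes|No|No|high
"""

if __name__ == "__main__":
    q_errors, names = check_questions(QUESTIONS, "|")
    for line in q_errors + check_answers(ANSWERS, names, "|"):
        print(line)
```

Run the question check first and pass its set of Values List names to the answer check, mirroring the order of the two imports.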

Building Questionnaires
The following table describes the steps to build a questionnaire.

Step | Task | Required or Optional | Description

1 | Create the questionnaire | Required | Create the questionnaire.

2 | Add questions and fields to the questionnaire | Required | Create the questions and fields that you need for collecting data during the assessment.

3 | Configure the layout | Required | Add fields and questions to the layout and organize them in groups and sections.


4 | Create data driven events | Optional | Create data driven events (DDEs) if you want to automate a variety of actions based on values or dates within individual questionnaire records.

5 | Configure Navigation Menu items | Optional | You can determine which fields display in the search results by default.

6 | Define workflows | Optional | If the questionnaire is part of a workflow, you can specify the order in which a user performs the tasks.

7 | Configure question display rules | Optional | You can create rules to show or hide questions based on individual attributes of the assessment target.

8 | Enable automatic generation of findings | Optional | You can configure a questionnaire to automatically generate findings when a user answers one or more questions incorrectly while filling out the questionnaire.

9 | Set the execution order for multiple calculated fields | Optional | If the questionnaire includes more than one calculated field, you can specify the order in which each field is executed.

10 | Set questionnaire behaviors | Required | Set basic behaviors, such as the question display style and whether the questionnaire is mobile-ready.

11 | Assign questionnaire owners and report administrators | Required | Each questionnaire must include at least one questionnaire owner and report administrator. By default, the user who adds the questionnaire is automatically given these roles. You can specify additional users if needed for either role.


Adding a Questionnaire
You can create a new questionnaire by naming and describing the questionnaire, and assigning the
questionnaire to an existing solution. For example, if you are assessing technical assets for PCI
compliance, you would group the questionnaire into the Enterprise Management solution. You also
select the target application that houses the objects of your assessment, such as applications,
business processes, vendors, and so on.
Another key step in the creation process is to determine whether you want to copy questions from
the Question Library into your questionnaire or create new questions from scratch. If you select to
copy questions, you can select any number of questions from the Question Library, and those
questions automatically are displayed in the layout of your questionnaire and grouped into sections by
category.

Important: Ensure that all necessary policies, control standards, and authoritative sources are
available.

Add a questionnaire

1. Go to the Manage Questionnaires page.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

2. Click Add New.

3. Do one of the following:

• To use the settings of an existing questionnaire as a starting point for your new questionnaire,
select Copy an existing Questionnaire and select the existing questionnaire from the
Questionnaires list.

• To select new settings for the questionnaire, select Create a new Questionnaire from scratch.

4. Click OK.

5. Complete the General Information section:

a. In the Name field, enter a name for the questionnaire.

b. In the Solutions field, click , assign the questionnaire to one or more solutions, and click
OK.

c. In the Language field, select a language.


d. In the Target Application field, click , select an available application to assign to the
questionnaire and click OK.
If the application that you selected is leveled, the Target Level field is displayed. Click
and select a level from the list.

e. To copy questions from the Question Library into the questionnaire, select the Question Copy
checkbox.

6. Click OK.

Adding Questions and Fields to a Questionnaire


When you create a questionnaire, you can add questions by copying questions from the Question
Library or by adding them manually.
In addition to the questions themselves, questionnaires contain several standard fields for collecting
data on the assessment. Standard fields differ from questions in that they do not include question text
or weighting, they cannot be filtered using question display rules, and they are not included in
progress calculations for questionnaire records and campaigns. However, standard fields offer more
variety for data collection than questions do, and you can control user access to fields, whereas all
questions are inherently public.

Copy questions from the Question Library into a questionnaire

Note: After you copy a question from the Question Library into your questionnaire, it is no longer
connected to the original question in the Question Library. As a result, you can modify the question
without affecting the version in the Question Library. This enables you to tailor questions for a
specific type of assessment. For example, you can change the question weighting, relate a question
to additional authoritative sources, add new answer options, and more.

1. Do one of the following:

• If you just added a new questionnaire and selected the Question Copy checkbox, go to step 2.

• Go to the Fields tab of the questionnaire you want to modify, and click Question Library.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.


e. Click Question Library (in the top-right corner of the page).

Note: You also can access the Record Lookup page from the Layout tab. Click the Add
New Field arrow and select Add from Question Library.

2. On the Record Lookup page, select the checkbox for each question that you want to copy into
your questionnaire.

Note: To limit the types of questions that you see on the Question Lookup page, enter the values
that you want to filter by in the filter boxes for that column. Click Filter in the column header to
refine your search results. You can also select all questions within the Search Results page by
selecting the checkbox at the top of the Question Name column.

3. Click OK to copy the selected questions into your questionnaire. When prompted to confirm your
selections, click OK to complete the copy operation.
When you leave the Question Lookup page, the Administrators tab is displayed on the Manage
Questionnaires page. In the Last Question Library Copy control group at the bottom of the page,
you can see the status of your copy operation. When it is complete, click the Layout tab to view
your questions in the questionnaire layout. The questions automatically are grouped in sections by
question category.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add questions manually


See the following tasks:
• Adding Attachment Questions
• Adding Cross-Reference Questions
• Adding Date Questions
• Adding Numeric Questions
• Adding Text Questions
• Adding Values List Questions

Add fields
See the following tasks:


• Adding Access History Fields
• Adding Attachment Fields
• Adding Cross-Application Status Tracking Fields
• Adding Calculated Fields
• Adding Date Fields
• Adding Discussion Fields
• Adding External Links Fields
• Adding First Published Date Fields
• Adding History Log Fields
• Adding Image Fields
• Adding IP Address Fields
• Adding Last Updated Date Fields
• Adding Matrix Fields
• Adding Multiple Reference Display Control Fields
• Adding Numeric Fields
• Adding Record Status Fields
• Adding Record Permissions Fields
• Adding Scheduler Fields
• Adding Sub-Form Fields
• Adding Text Fields
• Adding Tracking ID Fields
• Adding User/Groups List Fields
• Adding Values List Fields
• Adding Voting Fields

Adding Attachment Questions

To protect data integrity, you cannot change the question type after a question has been created.
For example, you cannot change a Date question into a Text question.


Step 1: Create a new attachment question in a questionnaire

1. Go to the Fields tab of the questionnaire in which you want to add a new question.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Method section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Attachment from the
Question Field Type list.

• To add a new question from an existing question, click Copy an existing Field and select the
attachment field you want to copy.

4. Click OK.

5. In the General Information section, enter a name and description for the question.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Set question options

1. Go to the Options tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field column, click the question that you want to configure.


f. Click the Options tab.

2. In the Display Control section, select the option you want.

Display Control | Description

Grid | Displays multiple fields of data from the referenced record spanning the width of the page in a table format (Grid) or in a single-column format. The attachment information displays as a resizable grid control that displays the name, size and file type for each file. When you select the Grid option, users with appropriate access can view the Download History report. This report provides a summary of the download history of a document including the user, email address, and download date. Users can upload files by clicking Add New.

Single Column | Displays a single column with links to the attachment files.

3. In the Options section, select the options you want to use.

Option | Action

Required Field | Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application.

Auditing Information | Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface.

Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters.

Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page.


Keyword Searching | Allows users to use this field in a keyword search to find documents attached to the field. File types supported for document searching include Microsoft Word, Microsoft Excel, PDF, Text, and .CSV. If a user does not have access to the field but the field is configured to allow keyword searching, the field is still searched but not included in the search results.

Validate Always | Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed.

4. In the Configuration section, specify the minimum and maximum number of attachments and size
limitations of the attachment files.

Option | Description

Minimum Attachments | Specifies the minimum number of attachments that you want to require for an attachment field.

Maximum Attachments | Specifies the maximum and minimum number of attachments that you want to require for the field.

Maximum Size | Specifies the maximum file size, up to 100 MB, that you want to allow for each file uploaded to the attachment field. This setting does not restrict the total size of all files uploaded to the field.
Users may experience a long wait time when attaching large files to a record. If you allow users to attach multiple large files, periodically monitor the available space and current usage of the file repository to ensure optimized system performance.

Display Fields | Designates the fields you want to display along with your attachment file.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 3: Add question text

1. Go to the Question tab of the question that you are creating.


a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the question.

f. Click the Questions tab.

2. In the Question Text field, enter the text for your question.

3. From the Category list, select an appropriate category for the question. If necessary, click Edit to
modify the list of categories.

Note: A question can belong to only one category.

4. In the Format Style field, select the applicable option.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 4: Set question filter properties


You can create and assign any number of filters to a question. You can apply the filters that you
create for one question to any other question in the same questionnaire. However, you cannot share
filter properties between questionnaires.

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the field whose properties you want to define.

f. Click the Questions tab.


2. Do one of the following:

• To apply an existing filter to the current question, click in the Values column for that filter
in the Question Filter Properties section, and select the specific filter value that applies to
your question. To remove a filter from the question, click to the right of the filter value.

• To add a new filter, click Add New.


Important: Do not click to remove a filter from the current question. Doing so will
permanently delete the filter for all questions that use it. Instead, use to remove the filter from
the current question while preserving its application to other questions. If the Value column for a
filter is blank, that filter is not applied to the current question.

3. In the General Information section, enter a name and description for the filter.

4. In the Filter Values section, click Add New.

5. In the Value field, enter the value text and click Apply.

6. (Optional) Repeat steps 4 - 5 to add any additional values as needed.

7. Click Save on the Edit Filter Property page to return to the Manage Field page.

8. In the Question Filter Properties section, click to the right of the filter that you just created.

9. Select one or more filter values to apply to the question.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Cross-Reference Questions

The cross-reference question type enables users to associate records from other applications or
questionnaires with a questionnaire record.

Step 1: Create a new cross-reference question in a questionnaire

Note: To protect data integrity, the Questionnaire feature prohibits question type changes, for
example, changing a Date question to a Text question, once a question has been created.

1. Go to the Fields tab of the questionnaire in which you want to add a new question.

a. From the menu bar, click .


b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Method section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Cross-Reference from
the Question Field Type list.

• To add a new question from an existing question, click Copy an existing Field and select the
cross-reference field you want to copy.

4. Click OK.

5. In the General Information section, enter a name and description for the question.

6. In the Available Reference field, select the application or questionnaire that you want to
associate with this question.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Set question options

1. Go to the Options tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field column, click the question that you want to configure.

f. Click the Options tab.

2. In the Display Control section, select the option you want.


Display Control Description

Grid: Displays multiple fields of data from the referenced record spanning the width of the page in a table format (Grid) or in a single-column format. The attachment information displays as a resizable grid control that displays the name, size and file type for each file. When you select the Grid option, users with appropriate access can view the Download History report. This report provides a summary of the download history of a document including the user, email address, and download date. Users can upload files by clicking Add New.

Single Column: Displays a single column with links to the attachment files.

3. In the Options section, select the options you want to use.

Option Action

Required Field: Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters.

Search Default Field: Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page.

Enable Inline Edit: Allows the field to be editable in search results and reports.

Enable Editable Grid Display: Determines whether a display is editable in a grid that has inline edit enabled.

Lookup: Specifies whether users can access a Record Lookup page for selecting records from the related application. Clear this checkbox if you only want to allow users to create new records for cross-referencing. You must select this checkbox if you want the cross-reference field to be available for selection in a MRDC field or are creating a dynamic filter.

Add New: Determines whether the Add New link is displayed in a grid for allowing users to add new records to the related applications from a record in view mode. Users will not have to open a record in edit mode to create new related records. If a user does not have rights to create records in the related application, the link is not displayed for that user.
When a user creates a new related record from view mode, that record will be selected in the cross-reference field just as it would if it were created from edit mode. For example, if a user opens a Vendor record in View mode and creates a record in the related Audits application by clicking Add New in the cross-reference field, that new Audit record will be selected in the cross-reference field of the Vendor record, even though the user did not open the Vendor record for editing.

Tree Display: Determines whether the related records in a leveled application for cross-referenced records are displayed in a hierarchical format for a single-column display. The following figure shows top-level record references flush with the left margin of the field, and record references in subsequent data levels indented.
When records with the cross-reference field are exported in CSV format, the Tree Display option is disabled to allow the data to be re-imported into the application. All other data export formats preserve the cross-reference tree display for the field.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed.

Disable Remove: Disables the Remove button for records displayed in this field.

4. In the Record Lookup Configuration section, specify the rules for finding the related records of
the cross-reference field.

Option Action

Display Fields: If you selected the Grid or Single Column display control, you can define the fields of data from the relationship application that should display in the Record Lookup page for end users when they select related records in the Cross-Reference field.
To select fields for display, click in the Display Fields field and select the fields that you want to display from the Available list.
Use the below the Selected list to arrange the fields. The top-to-bottom order of fields in the Selected list display as the left-to-right order of fields in the Record Lookup page.

Note: If the relationship application is a leveled application, and you selected fields from two or more levels to be displayed in the Cross-Reference field, you can only arrange those fields on a level-by-level basis. You cannot intermix fields from separate data levels.

Filters: To limit the records users can select in the Cross-Reference question to only those records that contain specific field values, apply filter criteria to the records.

Sorting: If you selected the Grid or Single Column display control, you can define the fields by which cross-referenced records should be sorted within the Lookup control. For example, in an "Investigators" Cross-Reference field, you could sort the display of referenced records alphabetically by investigator name.

Display Format: Select how you want the cross-referenced records displayed on the Record Lookup page:

• Column Hierarchical. Displays the records in a columnar layout where fields are displayed across the page from left to right, and the field values are presented showing relationships.

• Column-Flat. Displays the records in a simple columnar layout without any grouping of values.

5. In the Grid Display Properties section, select the fields displayed in the record look-up for the
cross-reference field.

Option Action

Use Record Lookup Configuration: Select this option to apply the values selected in the Record Lookup Configuration section to the corresponding View/Edit Display control group fields.

Display Fields: If you selected the Grid or Single Column display control, you can define the fields of data from the relationship application that should display in the Lookup control for end users when they select related records in the Cross-Reference question.
To select fields for display, click in the Display Fields field and select the fields that you want to display from the Available list.
Use the below the Selected list to arrange the fields. The top-to-bottom order of fields in the Selected list display as the left-to-right order of fields in the Lookup control.

Note: If the relationship application is a leveled application, and you selected fields from two or more levels to be displayed in the Cross-Reference field, you can only arrange those fields on a level-by-level basis. You cannot intermix fields from separate data levels.

Sorting: If you selected the Grid or Single column display control, you can define the fields by which cross-referenced records should be sorted within the Lookup control.
For example, in an "Investigators" Cross-Reference question, you could sort the display of referenced records alphabetically by investigator name.

6. In the Configuration section, specify the minimum and maximum number of attachments and size
limitations of the attachment files.

Option Description

Minimum Selections: Specifies the minimum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control.

Maximum Selections: Specifies the maximum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control.

Default Records Display: Determines the number of cross-referenced records that display in the grid and is only available when the display control is set to Grid. If this option is selected, only the first designated number of records are displayed. For example, when this option is set to 10, only the first 10 records display in the grid. If the number of records exceeds the default display number, a View All link is displayed. A user can click this link to view all of the associated records.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 3: Add question text

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.


c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the question.

f. Click the Questions tab.

2. In the Question Text field, enter the text for your question.

3. From the Category list, select an appropriate category for the question. If necessary, click Edit to
modify the list of categories.

Note: A question can belong to only one category.

4. In the Format Style field, select the applicable option.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 4: Set question filter properties


You can create and assign any number of filters to a question. You can apply the filters that you
create for one question to any other question in the same questionnaire. However, you cannot share
filter properties between questionnaires.

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the field whose properties you want to define.

f. Click the Questions tab.


2. Do one of the following:

• To apply an existing filter to the current question, click in the Values column for that filter
in the Question Filter Properties section, and select the specific filter value that applies to
your question. To remove a filter from the question, click to the right of the filter value.

• To add a new filter, click Add New.


Important: Do not click to remove a filter from the current question. Doing so will
permanently delete the filter for all questions that use it. Instead, use to remove the filter from
the current question while preserving its application to other questions. If the Value column for a
filter is blank, that filter is not applied to the current question.

3. In the General Information section, enter a name and description for the filter.

4. In the Filter Values section, click Add New.

5. In the Value field, enter the value text and click Apply.

6. (Optional) Repeat steps 4 - 5 to add any additional values as needed.

7. Click Save on the Edit Filter Property page to return to the Manage Field page.

8. In the Question Filter Properties section, click to the right of the filter that you just created.

9. Select one or more filter values to apply to the question.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Date Questions

To protect data integrity, you cannot change the question type (for example, changing a Date
question to a Text question) after a question has been created.

Step 1: Create a new date question in a questionnaire

1. Go to the Fields tab of the questionnaire in which you want to add a new question.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.


d. Click the Fields tab.

2. Click Add New.

3. In the Creation Method section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Date from the Question
Field Type list.

• To add a new question from an existing question, click Copy an existing Field and select the
date field you want to copy.

4. Click OK.

5. In the General Information section, enter a name and description for the question.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Set question options

1. Go to the Options tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field column, click the question that you want to configure.

f. Click the Options tab.

2. In the Display Control section, select the option you want.


Display Control Description

Text Box - Date Only, Text Box - Date and Time, Dropdown - Date Only, Dropdown - Date and Time: Displays a date in a text box or dropdown list by date or by date and time.

3. In the Options section, select the options you want to use.

Option Action

Required Field: Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters.

Search Default Field: Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page.

Enable Inline Edit: Allows the field to be editable in search results and reports.

Unique Field: Prevents users from entering an identical value in a field in separate records. If a user saves a value in this field and the same value has already been saved in the field in a different record, the user is prompted to enter a unique value.

Key Field: Designates the field as the key field of a record. You must designate one field in the application as the key field, but can only designate one field as the key field. You can select the key field values in search results, and users can click the values to open individual records. A key field must be on the page layout of the application.
After saving the field, you can only clear this checkbox by selecting another field as the key field in the application. When you select this option, the Required Field, Search Results, and Search Default Field checkboxes are automatically selected.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed.

4. In the Configuration section, specify the minimum and maximum number of attachments and size
limitations of the attachment files.

Option Description

Default Value: Specifies the default date value of the date field when a user adds a new record in the application. The default date is set when the record is created. This date is not affected by record edits. The following options are available:

• None. Select None if you do not want to place a default value in the date field.

• Current Date. Select Current Date to display the date of record creation in the date field.

• Future Date. Select Future Date to display a default date value that is a specific number of days after the date of record creation. Then enter the specific number of days in the field to the right.

• Specific Date. Select Specific Date to display a static date as the default value for the date field, and enter the date in the field to the right or click the Calendar icon to select the date from a calendar dialog box.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.


Step 3: Add question text

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the question.

f. Click the Questions tab.

2. In the Question Text field, enter the text for your question.

3. From the Category list, select an appropriate category for the question. If necessary, click Edit to
modify the list of categories.

Note: A question can belong to only one category.

4. In the Format Style field, select the applicable option.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 4: Set question filter properties


You can create and assign any number of filters to a question. You can apply the filters that you
create for one question to any other question in the same questionnaire. However, you cannot share
filter properties between questionnaires.

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.


e. In the Field Name column, click the field whose properties you want to define.

f. Click the Questions tab.

2. Do one of the following:

• To apply an existing filter to the current question, click in the Values column for that filter
in the Question Filter Properties section, and select the specific filter value that applies to
your question. To remove a filter from the question, click to the right of the filter value.

• To add a new filter, click Add New.


Important: Do not click to remove a filter from the current question. Doing so will
permanently delete the filter for all questions that use it. Instead, use to remove the filter from
the current question while preserving its application to other questions. If the Value column for a
filter is blank, that filter is not applied to the current question.

3. In the General Information section, enter a name and description for the filter.

4. In the Filter Values section, click Add New.

5. In the Value field, enter the value text and click Apply.

6. (Optional) Repeat steps 4 - 5 to add any additional values as needed.

7. Click Save on the Edit Filter Property page to return to the Manage Field page.

8. In the Question Filter Properties section, click to the right of the filter that you just created.

9. Select one or more filter values to apply to the question.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Numeric Questions

To protect data integrity, you cannot change the question type (for example, changing a
Date question to a Text question) after a question has been created.

Step 1: Create a new numeric question in a questionnaire

1. Go to the Fields tab of the questionnaire in which you want to add a new question.

a. From the menu bar, click


b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Method section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Numeric from the
Question Field Type list.

• To add a new question from an existing question, click Copy an existing Field and select the
numeric field you want to copy.

4. Click OK.

5. In the General Information section, enter a name and description for the question.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Set question options

1. Go to the Options tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field column, click the question that you want to configure.

f. Click the Options tab.

2. In the Options section, select the options you want to include in search results.


Option Action

Required Field: Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters.

Search Default Field: Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page.

Enable Inline Edit: Allows the field to be editable in search results and reports.

Trending: Enables trending on the field based on a duration period.

  Duration Type: Designates the duration for which you want to retain trending data. The available values are calculated in days as follows:

  • Days: 1 day
  • Months: 30 days
  • Quarters: 90 days
  • Years: 365 days

  By default, the value of this field is No Selection, but you must select a Duration Type when the Trending option is selected. If you click Apply without changing the value, a warning message is displayed. Click OK to return to the Options tab.

  Duration Amount: Specifies the number of days, months, quarters, or years for which trending data is retained.

Unique Field: Prevents users from entering an identical value in a field in separate records. If a user saves a value in this field and the same value has already been saved in the field in a different record, the user is prompted to enter a unique value.

Key Field: Designates the field as the key field of a record. You must designate one field in the application as the key field, but can only designate one field as the key field. You can select the key field values in search results, and users can click the values to open individual records. A key field must be on the page layout of the application.
After saving the field, you can only clear this checkbox by selecting another field as the key field in the application. When you select this option, the Required Field, Search Results, and Search Default Field checkboxes are automatically selected.

Sum Field: Provides a total of all values entered in the field on the Search Results page for an application or leveled application. The sum is only shown on Column-Hierarchical and Column-Flat report format types.
When this option is selected, the total value appears in the last row of Numeric Field column. The summation value represents a grand total and is displayed on each page.

Numeric Ranging: Allows users to filter search results in the application based on specific ranges of values in the numeric field. When you select this option, you must define the numeric range and its values after the numeric field is configured.

Format: Formats the value using thousand separators.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed.

3. In the Configuration section, specify the minimum and maximum number of attachments and size
limitations of the attachment files.

Option Description

Decimal Places: Specifies the number of decimal places that you want to require for values entered in the field. The largest value available for this field is 6. If a user enters a value in the numeric field with fewer decimal places than the number you have required, the value is padded with zeros.
For example, if you require 3 decimal places and a user enters a value of "4.1" in the field, the value is displayed as "4.100" when the record is saved. If a user enters a value in the field with more decimal places than the number you have required, the user is not permitted to save the record and is prompted to limit the number of decimal places in the value to fit the field requirements.

Negative Display: Specifies how the negative numbers will display. Options include:

• (1234.56) font color = red; default option

• -1234.56 font color = red

• (1234.56) font color = black

• -1234.56 font color = black

Minimum Values: Specifies the minimum values users must enter in the numeric field within a defined range, for example, 1-100.

Maximum Values: Specifies the maximum values users must enter in the numeric field within a defined range, for example, 1-100.

Prefix: Specifies the text (up to 10 characters) that appears in front of the numeric value. For example, if you enter "ABC" in this field, record would be "ABC123456."

Suffix: Specifies the text (up to 10 characters) that appears after the numeric value. For example, you could enter "miles" to label the field value as a measurement of distance. For the tracking ID, you enter "XYZ" in this field. The tracking ID value for a record would be "123456XYZ."

Increment By: Specifies the value by which the number is increased or decreased. Available options are .01, .1, 1, 10, 100, 1000, or No Increment.

4. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
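
The Decimal Places, Minimum/Maximum Values, Negative Display, Prefix, Suffix and thousand-separator options described above, as an added Python example (not RSA Archer code) of what a numeric field accepts, rejects and displays. The function and parameter names are hypothetical, and two points the guide does not state are assumptions: decimal digits are counted as typed, and the prefix and suffix are placed outside the parenthesised negative form.

```python
from decimal import Decimal, InvalidOperation

MAX_DECIMAL_PLACES = 6   # "The largest value available for this field is 6."
MAX_AFFIX_CHARS = 10     # Prefix and Suffix accept up to 10 characters.


class RejectedValue(ValueError):
    """The value would not be accepted when the record is saved."""


def render_numeric(raw, decimal_places, minimum=None, maximum=None,
                   prefix="", suffix="", thousands=False, parentheses=True):
    """Return the display string for the typed value `raw`, or raise RejectedValue."""
    # Limits on the configuration itself, taken from the option table.
    if not 0 <= decimal_places <= MAX_DECIMAL_PLACES:
        raise ValueError("Decimal Places must be between 0 and 6")
    if len(prefix) > MAX_AFFIX_CHARS or len(suffix) > MAX_AFFIX_CHARS:
        raise ValueError("Prefix and Suffix are limited to 10 characters")

    try:
        value = Decimal(raw)
    except InvalidOperation:
        raise RejectedValue(f"{raw!r} is not a number") from None
    if not value.is_finite():
        raise RejectedValue(f"{raw!r} is not a finite number")

    # Too many decimal places: the save is refused, the value is never rounded.
    # Assumption: digits are counted as typed, so "4.1000" has four places.
    typed_places = max(0, -value.as_tuple().exponent)
    if typed_places > decimal_places:
        raise RejectedValue(
            f"limit the value to {decimal_places} decimal places")

    # Minimum Values / Maximum Values define the accepted range.
    if minimum is not None and value < Decimal(str(minimum)):
        raise RejectedValue(f"value is below the minimum of {minimum}")
    if maximum is not None and value > Decimal(str(maximum)):
        raise RejectedValue(f"value is above the maximum of {maximum}")

    # Too few decimal places: pad with zeros ("4.1" becomes "4.100").
    padded = abs(value).quantize(Decimal(1).scaleb(-decimal_places))
    text = format(padded, ",f" if thousands else "f")

    # Negative Display: "(1234.56)" or "-1234.56" (font colour is not modelled).
    if value < 0:
        text = f"({text})" if parentheses else f"-{text}"
    return f"{prefix}{text}{suffix}"


if __name__ == "__main__":
    # Constructed sample inputs.
    for raw in ("4.1", "-1234.56", "4.1234"):
        try:
            print(raw, "->", render_numeric(raw, 3))
        except RejectedValue as exc:
            print(raw, "-> rejected:", exc)
```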

Step 3: Add question text

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the question.

f. Click the Questions tab.

2. In the Question Text field, enter the text for your question.

3. From the Category list, select an appropriate category for the question. If necessary, click Edit to
modify the list of categories.

Note: A question can belong to only one category.

4. In the Format Style field, select the applicable option.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 4: Set question filter properties


You can create and assign any number of filters to a question. You can apply the filters that you
create for one question to any other question in the same questionnaire. However, you cannot share
filter properties between questionnaires.

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the field whose properties you want to define.

f. Click the Questions tab.

2. Do one of the following:

• To apply an existing filter to the current question, click in the Values column for that filter
in the Question Filter Properties section, and select the specific filter value that applies to
your question. To remove a filter from the question, click to the right of the filter value.

• To add a new filter, click Add New.

Important: Do not click to remove a filter from the current question. Doing so will
permanently delete the filter for all questions that use it. Instead, use to remove the filter from
the current question while preserving its application to other questions. If the Value column for a
filter is blank, that filter is not applied to the current question.

3. In the General Information section, enter a name and description for the filter.

4. In the Filter Values section, click Add New.

5. In the Value field, enter the value text and click Apply.

6. (Optional) Repeat steps 4 - 5 to add any additional values as needed.

7. Click Save on the Edit Filter Property page to return to the Manage Field page.

8. In the Question Filter Properties section, click to the right of the filter that you just created.

9. Select one or more filter values to apply to the question.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Text Questions

To protect data integrity, you cannot change the question type after a question has been created,
for example, from a Date question to a Text question.

Step 1: Create a new text question in a questionnaire

1. Go to the Fields tab of the questionnaire in which you want to add a new question.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Method section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Text from the Question
Field Type list.

• To add a new question from an existing question, click Copy an existing Field and select the
text field you want to copy.

4. Click OK.

5. In the General Information section, enter a name and description for the question.

6. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Set question options

1. Go to the Options tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field column, click the question that you want to configure.

f. Click the Options tab.

2. In the Display Control section, select the option you want.

Display Control   Description

Text Field        Displays the field as a limited character text box or in a rich text area where
Text Area         users can enter text in HTML format.

3. In the Options section, select the options you want to use.

Option                Action

Required Field        Designates the field as required and forces users to enter a value when adding or
                      editing a record in the application. Required fields are indicated with an icon
                      (selected in the Appearance feature) to alert users that they must enter a value.
                      If this checkbox is not selected, users can skip this field when adding or editing a
                      record in the application.

Auditing Information  Displays auditing information next to the field each time that its value is
                      changed. The auditing information includes only the name of the user who made
                      the change and the date and time of the change. If this checkbox is not selected,
                      auditing information is not displayed with the field in the user interface.

Search Results        Makes this field available for display in search results. If this checkbox is not
                      selected, this field is not included in search results and its values cannot be
                      referenced in search filters.

Search Default Field  Includes the field by default in search results for the application. This option does
                      not prevent users from removing the field from the Search Results page. Users
                      can click Modify in the toolbar and remove the field from the Fields to Display
                      section of the application Search Records page.

Enable Inline Edit    Allows the field to be editable in search results and reports.

Unique Field          Prevents users from entering an identical value in a field in separate records. If a
                      user saves a value in this field and the same value has already been saved in the
                      field in a different record, the user is prompted to enter a unique value.

Key Field             Designates the field as the key field of a record. You must designate one field in
                      the application as the key field, but can only designate one field as the key field.
                      You can select the key field values in search results, and users can click the
                      values to open individual records. A key field must be on the page layout of the
                      application.
                      After saving the field, you can only clear this checkbox by selecting another field
                      as the key field in the application. When you select this option, the Required
                      Field, Search Results, and Search Default Field checkboxes are automatically
                      selected.

Validate Always       Designates that a calculated field is recalculated whenever any value is changed
                      in a record. If the Validate Always option is not selected, this field is validated
                      only when the value in that field has changed.

4. In the Configuration section, specify the minimum and maximum number of attachments and size
limitations of the attachment files.

Option              Description

Default Value       Specifies the default date value of the date field when a user adds a new record
                    in the application. The default date is set when the record is created. This date is
                    not affected by record edits. The following options are available:
                    • None. Select None if you do not want to place a default value in the date field.
                    • Current Date. Select Current Date to display the date of record creation in the
                      date field.
                    • Future Date. Select Future Date to display a default date value that is a
                      specific number of days after the date of record creation. Then enter the
                      specific number of days in the field to the right.
                    • Specific Date. Select Specific Date to display a static date as the default value
                      for the date field, and enter the date in the field to the right or click the
                      Calendar icon to select the date from a calendar dialog box.

Maximum Characters  Restricts the number of characters a user can enter in a text field.
                    If you use rich text formatting in a text area, RSA Archer GRC counts the HTML
                    formatting tags embedded in the text as characters, causing a warning message
                    informing you that the text entered in the field exceeds the maximum number of
                    characters. If this condition occurs, set the Maximum Characters field to a value
                    higher than the number of characters that you expect to be entered in the field.

Input Mask          Specifies the text format that a user must enter for a text area field. You can
                    select one of the following masks:
                    • SSN - Format = ###-##-####. The mask will be configured so the entire SSN is
                      confined to one field.
                    • Telephone - Format = ###-###-####. The mask will be configured so the entire
                      phone number is confined to one field.
                    • Zip Code - Format = #####.
                    • Zip+4 - Format = #####-####.
                    • IP Address v4 - Format = ###.###.###.###.
                    • IP Address v6 Full - Format = ####.####.####.####.####.####.####.####.
                    • Email Address - The mask will be configured to require the At (@) sign.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 3: Add question text

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the question.

f. Click the Questions tab.

2. In the Question Text field, enter the text for your question.

3. From the Category list, select an appropriate category for the question. If necessary, click Edit to
modify the list of categories.

Note: A question can belong to only one category.

4. In the Format Style field, select the applicable option.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 4: Set question filter properties


You can create and assign any number of filters to a question. You can apply the filters that you
create for one question to any other question in the same questionnaire. However, you cannot share
filter properties between questionnaires.

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the field whose properties you want to define.

f. Click the Questions tab.

2. Do one of the following:

• To apply an existing filter to the current question, click in the Values column for that filter
in the Question Filter Properties section, and select the specific filter value that applies to
your question. To remove a filter from the question, click to the right of the filter value.

• To add a new filter, click Add New.


Important: Do not click to remove a filter from the current question. Doing so will
permanently delete the filter for all questions that use it. Instead, use to remove the filter from
the current question while preserving its application to other questions. If the Value column for a
filter is blank, that filter is not applied to the current question.

3. In the General Information section, enter a name and description for the filter.

4. In the Filter Values section, click Add New.

5. In the Value field, enter the value text and click Apply.

6. (Optional) Repeat steps 4 - 5 to add any additional values as needed.

7. Click Save on the Edit Filter Property page to return to the Manage Field page.

8. In the Question Filter Properties section, click to the right of the filter that you just created.

9. Select one or more filter values to apply to the question.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Fields to a Questionnaire

In addition to the questions themselves, questionnaires contain several standard fields for collecting
data on the assessment. Standard fields differ from questions in that they do not include question text
or weighting, they cannot be filtered using question display rules, and they are not included in
progress calculations for questionnaire records and campaigns. However, standard fields offer more
variety for data collection than questions do, and you can control user access to fields, whereas all
questions are inherently public.

System-generated questionnaire fields


When you create a questionnaire, the system-generated fields described in the following table are
added to the questionnaire. You can configure the properties of some of these fields, while others
must remain in their original state.

Name                        Field Type              Configuration       Description

% Correct                   Calculated Numeric      Field access only   The percent of Values List questions that were answered correctly rounded to the nearest whole number.
All Findings                Calculated Numeric      Field access only   The number of findings related to the questionnaire record.
Campaign Name               Values List             Field access only   The name of the campaign to which the questionnaire record belongs.
Comments                    Sub-Form                Fully configurable  A sub-form that captures comments made for individual questions.
Correct                     Calculated Numeric      Field access only   The number of Values List questions that were answered correctly.
Created By                  User/Groups List        Fully configurable  The user who created the questionnaire record.
Created Date                First Published         Fully configurable  The date the questionnaire record was created.
Due Date                    Date                    Fully configurable  The date by which the questionnaire record should be completed and submitted.
Findings                    Cross-Reference         Fully configurable  Findings associated with the questionnaire record.
Findings Generation Status  Values List             Fully configurable  The status of findings-generation activity for the questionnaire record.
History Log                 History Log             Fully configurable  A history log that tracks the following fields: Due Date, Year, Quarter, Submitter, Submission Status, Submit Date, Reviewer Review Status, and Review Date.
Incorrect                   Calculated Numeric      Field access only   The number of Values List questions that were answered incorrectly.
Inherent Score              Calculated Numeric      Field access only   The sum of all Values List question weighted scores.
Last Updated                Last Updated Date       Fully configurable  The date the questionnaire record was last updated.
Maximum Score               Calculated Numeric      Field access only   The maximum potential score for the questionnaire, calculated by summing the question scores for every Values List question displayed in the questionnaire record.
Open Findings               Calculated Numeric      Field access only   The number of findings related to the questionnaire record that have a status of "Open."
Overall Status              Calculated Values List  Fully configurable  The overall status of the questionnaire based on the Submission Status and the Review Status (values include In Process, Awaiting Review, Approved, and Rejected).
Progress                    Calculated Text         Field access only   The number of questions that have been answered and the total number of questions in the questionnaire record, for example, "13 of 30."
Progress Status             Calculated Values List  Field access only   Percent of the questionnaire record that is complete rounded to the nearest 20% (values include 0%, 20%, 40%, 60%, 80%, and 100%).
Quantitative Summary        Calculated Text         Field access only   The results of the completed questionnaire in an HTML table with the following information grouped by category: correct questions, incorrect questions, percent correct, inherent score, residual score, and open findings. Note: This field will only be populated if you enable findings for the questionnaire.
Quarter                     Values List             Fully configurable  The calendar quarter of the assessment.
Questionnaire ID            Tracking ID             Fully configurable  The unique tracking ID for the questionnaire record.
Questions Scored            Calculated Numeric      Field access only   The number of Values List questions in the questionnaire record.
Queue Status                Values List             Fully configurable  Tracks the success or failure of findings generation for a questionnaire.
Remediation Score           Calculated Numeric      Field access only   The maximum potential score for all findings that are closed, calculated by subtracting the score for each incorrectly answered question from the maximum possible score for each of those questions, and then adding the resulting values together. For example, you have a question that was incorrectly answered, resulting in a score of 1. If the questions were answered correctly, the score would have been 5. The difference is 4. If you have five questions that follow this same pattern, and the finding for each of these questions is closed, your remediation score would be 20.
Residual Score              Calculated Numeric      Field access only   The remaining inherent risk after the closure of some or all of the findings associated with the questionnaire record.
Review Date                 Date                    Fully configurable  The date the completed questionnaire record is reviewed.
Review Status               Values List             Fully configurable  The review status of the questionnaire (values include Awaiting Review, Approved, and Rejected).
Reviewer                    User/Groups List        Fully configurable  The user who is responsible for reviewing the questionnaire record once it is submitted.
Submission Status           Values List             Field access only   The submission status of the questionnaire (values include In Process, Submitted, and Re-Submitted).
Submit Date                 Date                    Fully configurable  The date the completed questionnaire record is submitted.
Submitter                   User/Groups List        Fully configurable  The user who is responsible for answering the questions in the questionnaire record.
Target                      Cross-Reference         Fully configurable  The specific target of the assessment, located in your target application.
Year                        Values List             Fully configurable  The year of the assessment.
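
The calculated fields described in the table above, worked through for one constructed questionnaire record as an added Python example (not RSA Archer code). The Question model and function names are hypothetical; the example assumes that every question is a displayed Values List question, that % Correct is taken over Questions Scored, and that ties round up. Inherent Score and Residual Score are left out because the table does not define how questions are weighted.

```python
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP
from typing import Optional


@dataclass
class Question:
    """One Values List question in a questionnaire record (hypothetical model)."""
    max_score: int                 # score earned by the correct answer
    score: Optional[int] = None    # score of the selected answer; None = unanswered
    correct: bool = False          # the selected answer is flagged Correct
    finding_closed: bool = False   # the finding raised for a wrong answer is closed


def _nearest(value: Decimal, step: int = 1) -> int:
    """Round to the nearest multiple of `step`; ties round up (assumption)."""
    return int((value / step).quantize(Decimal(1), rounding=ROUND_HALF_UP)) * step


def summarize(questions):
    """Compute the calculated fields the table defines for one record."""
    total = len(questions)
    answered = [q for q in questions if q.score is not None]
    correct = [q for q in answered if q.correct]
    incorrect = [q for q in answered if not q.correct]

    def percent(part):
        return Decimal(100 * part) / total if total else Decimal(0)

    return {
        "Questions Scored": total,
        "Correct": len(correct),
        "Incorrect": len(incorrect),
        # Rounded to the nearest whole number.
        "% Correct": _nearest(percent(len(correct))),
        # Sum of the question scores for every displayed question.
        "Maximum Score": sum(q.max_score for q in questions),
        # For each wrong answer whose finding is closed: maximum minus actual score.
        "Remediation Score": sum(q.max_score - q.score
                                 for q in incorrect if q.finding_closed),
        "Progress": f"{len(answered)} of {total}",
        # Rounded to the nearest 20%.
        "Progress Status": f"{_nearest(percent(len(answered)), 20)}%",
    }


# Constructed record: 5 wrong answers scoring 1 of 5 with closed findings
# (the table's remediation example), 8 correct answers, 17 unanswered.
SAMPLE = ([Question(5, 1, correct=False, finding_closed=True)] * 5
          + [Question(5, 5, correct=True)] * 8
          + [Question(5)] * 17)

if __name__ == "__main__":
    for field, value in summarize(SAMPLE).items():
        print(f"{field}: {value}")
```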

Use the following tasks to add fields to a questionnaire:

• Adding Calculated Fields
• Adding Cross-Reference Fields
• Adding Date Fields
• Adding First Published Date Fields
• Adding History Log Fields
• Adding Last Updated Date Fields
• Adding Numeric Fields
• Adding Sub-Form Fields
• Adding Text Fields
• Adding Tracking ID Fields
• Adding User/Groups List Fields
• Adding Values List Fields

Adding Values List Questions

A Values List question type enables you to create questions with predefined answers.

Step 1: Create a new values list question in a questionnaire

Note: To protect data integrity, the Questionnaire feature prohibits question type changes, for
example, changing a Date question to a Text question, once a question has been created.

1. Go to the Fields tab of the questionnaire in which you want to add a new question.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Method section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Values List from the
Question Field Type list.

• To add a new question from an existing question, click Copy an existing Field and select the
values list field you want to copy.

4. Click OK.

5. In the General Information section, enter a name and description for the question.

6. In the Values List field, do one of the following:

• If you want to create new answer values for this question, leave Field-Specific List selected.

• If you want to use answer values from a previously created list, click [...], select the values
list, and click OK.

7. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Set question options


You can define the display and functionality of a question. Because the options provided on this tab
vary significantly among the various question types, this section first explains how to access the
Options tab on the Define Fields page, and then it provides specific instructions for each field type.

1. Go to the Options tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field column, click the question that you want to configure.

f. Click the Options tab.

2. In the Display Control section, select the option you want.

Display Control   Description

Dropdown          Displays a list of items from which users can select an item.

Radio Buttons     Displays a list of items from which users can select an item.

Check Boxes       Displays a list of items from which a user can select one or more items.

Listbox           Displays a selection list from which users can select one or more items.

Values Popup      Displays a selection list from which users can select one or more items. For
                  example, a users and groups list may contain hundreds or thousands of users. In
                  this case, a values popup list may be the best solution. For two or three
                  selections, the best control might be dropdown, radio buttons, or checkboxes.

3. In the Options section, select the options you want to use.

Option                Action

Required Field        Designates the field as required and forces users to enter a value when adding or
                      editing a record in the application. Required fields are indicated with an icon
                      (selected in the Appearance feature) to alert users that they must enter a value.
                      If this checkbox is not selected, users can skip this field when adding or editing a
                      record in the application.

Auditing Information  Displays auditing information next to the field each time that its value is
                      changed. The auditing information includes only the name of the user who made
                      the change and the date and time of the change. If this checkbox is not selected,
                      auditing information is not displayed with the field in the user interface.

Search Results        Makes this field available for display in search results. If this checkbox is not
                      selected, this field is not included in search results and its values cannot be
                      referenced in search filters.

Search Default Field  Includes the field by default in search results for the application. This option does
                      not prevent users from removing the field from the Search Results page. Users
                      can click Modify in the toolbar and remove the field from the Fields to Display
                      section of the application Search Records page.

Enable Inline Edit    Allows the field to be editable in search results and reports.

Trending              Enables trending on the field based on a duration period.

                      Duration Type     Designates the duration for which you want to retain trending data.
                                        The available values are calculated in days as follows:

                                        Days        1 day
                                        Months      30 days
                                        Quarters    90 days
                                        Years       365 Days

                                        By default, the value of this field is No Selection, but you must
                                        select a Duration Type when the Trending option is selected. If you
                                        click Apply without changing the value, a warning message is
                                        displayed. Click OK to return to the Options tab.

                      Duration Amount   Specifies the number of days, months, quarters, or years for which
                                        trending data is retained.

Description Links     Displays the selected value for the field as a hyperlink when users view records
                      in the application. Users can click the linked value to read a description of the
                      value from a pop-up window.

Validate Always       Designates that a calculated field is recalculated whenever any value is changed
                      in a record. If the Validate Always option is not selected, this field is validated
                      only when the value in that field has changed.

4. In the Configuration section, specify the minimum and maximum number of attachments and size
limitations of the attachment files.

Option              Description

Minimum Selections  Specifies the minimum number of selections (from none to 20 selections) that a
                    user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display
                    control.

Maximum Selections  Specifies the maximum number of selections (from none to 20 selections) that a
                    user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display
                    control.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 3: Add question text

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the question.

f. Click the Questions tab.

2. In the Question Text field, enter the text for your question.

3. From the Category list, select an appropriate category for the question. If necessary, click Edit to
modify the list of categories.

Note: A question can belong to only one category.

4. In the Format Style field, select the applicable option.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 4: Set question filter properties


You can create and assign any number of filters to a question. You can apply the filters that you
create for one question to any other question in the same questionnaire. However, you cannot share
filter properties between questionnaires.

1. Go to the Question tab of the question that you are creating.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Fields tab.

e. In the Field Name column, click the field whose properties you want to define.

f. Click the Questions tab.

2. Do one of the following:

• To apply an existing filter to the current question, click in the Values column for that filter
in the Question Filter Properties section, and select the specific filter value that applies to
your question. To remove a filter from the question, click to the right of the filter value.

• To add a new filter, click Add New.


Important: Do not click to remove a filter from the current question. Doing so will
permanently delete the filter for all questions that use it. Instead, use to remove the filter from
the current question while preserving its application to other questions. If the Value column for a
filter is blank, that filter is not applied to the current question.

3. In the General Information section, enter a name and description for the filter.

4. In the Filter Values section, click Add New.

5. In the Value field, enter the value text and click Apply.

6. (Optional) Repeat steps 4 - 5 to add any additional values as needed.

7. Click Save on the Edit Filter Property page to return to the Manage Field page.

8. In the Question Filter Properties section, click to the right of the filter that you just created.

9. Select one or more filter values to apply to the question.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 5: Link to authoritative sources


You can link a Values List question to authoritative sources with which your company must comply,
such as regulations, industry standards, common practices and state laws. If your organization
licenses the Policy Management solution, you can link directly to records within the Authoritative
Sources application. If you do not license Policy Management but have a custom application that
includes authoritative sources, you can link to records in this application.

Important: If you do not manage authoritative source data in RSA Archer GRC, disregard the
Authoritative Source References section on the Define Fields page. You cannot use this feature.

1. Go to the Question tab of the question you are creating.

2. In the Authoritative Sources section, click Manage References.

3. Create a reference to an authoritative source application as follows:


a. Click Add New.

b. Select one or more applications.

c. Click OK.

4. Click the Question tab.

5. To link the question to a specific record within your designated authoritative sources application,
click Select in the Authoritative Source References section.

6. Select one or more authoritative sources that you want to link to your question.

7. Click Save.

8. Click OK.

9. To remove a selected authoritative source reference, click in the Reference column.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 6: Link to control standards


Linking a question to a control standard also enables you to search completed questions for instances
of non-compliance with a particular standard. If you enable findings for the questionnaire that you
are managing, the system automatically creates Findings records for questions that are answered
incorrectly, and each finding includes the associated control standard, enabling you to search and
sort findings by standard.

Important: This option is available only if your organization licenses the Policy Management
solution, which includes a Control Standards application. If you do not license Policy Management,
the Control Standards control is not displayed, and you cannot use this feature.

1. Go to the Question tab of the question that you are creating.

2. In the Control Standards section, click in the Reference column.

3. Select the control standard that you want to link to your question:

a. Scroll through the list of available control standards, or click Show Filters and enter
keywords to narrow the list.

b. After you locate the control standard that you want to link to your question, select the
checkbox for that standard. You may select multiple checkboxes.

4. Click OK.

5. To remove any selected control standard references, do the following:

a. Click and in the Record Lookup dialog box.

b. Clear the checkboxes or any record references that you want to remove.

c. Click Apply.

6. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 7: Add answer values

Note: This step is only required if you created a values list question in step 1.

Important: The Answers tab enables you to create and edit custom answers that are unique to the
question you are managing. If you have selected to use a questionnaire values list rather than a
custom list for the question, you also can create and edit answers in that shared list. Any changes
that you make to a questionnaire values list impact every question that uses the list. If you need to
add or edit answers for a question that uses a questionnaire values list but you do not want your
changes to impact other questions, RSA recommends that you delete the question and recreate it to
use a custom answer list. You can then create the appropriate answers for the question without
affecting any others.

Each answer must have an active status so that it is available for selection.
1. Go to the Answers tab of the question that you are creating.

2. Do one of the following:

To add answer values manually, follow these steps:

a. Click Add New.

b. In the Text Value field, enter the answer text, for example, Yes.

c. In the Description field, enter a description for the answer.

d. Do any of the following:

• To configure this answer as the default selection for users, select the Default Selection
checkbox.

• To associate a numeric value with the answer, enter the appropriate number in the Numeric
Value field.

• To display the answer in a specific color, click in the Text Color field and select the
color.

Note: If you associate a color with an answer, the color is displayed in questionnaire
records in view mode. Answers are not displayed in color when users fill out a
questionnaire.

• To set the answer as the correct answer for all questions that utilize the list, select the
checkbox in the Correct field.

• To include an image to represent the answer, such as a green checkmark for the value
"Yes," click Add in the Image field, select a graphic and click OK.

Note: If you associate an image with an answer, the image is displayed in questionnaire
records in view mode in place of the value name. Answers are not displayed as an image
when users fill out a questionnaire.

• To require users to enter an explanation when they select the answer, select the
checkbox in the Other field and enter comments in the text box.

Important: You may select Other for only one answer per answer list. If you create
another answer and select the Other checkbox, the checkbox is cleared for the first
answer. If users have already provided comments for the first answer while filling out a
questionnaire, those comments will be lost.

e. In the Properties area, click Save.

To import answer values from an XML file, follow these steps:

a. Click Import.

b. Click Add New.

c. In the Open dialog box, select the .xml file that you want to import.

d. Click Open.

e. Click OK.

3. From the Sort Order list, select the applicable option for sorting the items list.

Option | Description
Custom | Lists the values in the specific order that you define. To adjust the order of values, click and drag the value to the position in the list.
Ascending | Lists the values in ascending alphanumeric order. For example, the values "High," "Medium," and "Low" would be displayed in the following order: High, Low, Medium. Alphanumeric sort is not supported for values lists that contain values in multiple languages.
Descending | Lists the values in descending alphanumeric order. For example, the values "High," "Medium," and "Low" would be displayed in the following order: Medium, Low, High.
Random | Lists the values in a different order each time the list is displayed. This variation in display order minimizes the chance that end users detect patterns.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Creating Questionnaire Values Lists

Complete this task to create questionnaire values lists that you can reuse for any values list question
within the questionnaire.
For example, you could create a questionnaire values list with the answers "Yes," "No," and "I don't
know," and you could use this list for questions such as "Is sensitive cardholder data securely
disposed of when no longer needed?" and "Are all but the last four digits of the account number
masked when displaying cardholder data?" By creating questionnaire values lists that you can reuse,
you can save a significant amount of time in the creation and management of Values List questions
within your questionnaire.
Questionnaire values lists are different from global values lists in that you cannot share them
between questionnaires. The questionnaire values lists are restricted to individual questionnaires but
can be shared among questions in that questionnaire. You can export a list from one questionnaire to
another. Keep in mind that if you export a questionnaire values list to another questionnaire, the two
values lists are not connected in any way. If you make a change to one list, that change is not
reflected in the other.

Create questionnaire values lists

1. Go to the Properties tab of the questionnaire you want to modify.

a. From the menu bar, click .

b. Under the Application Builder section, select Questionnaires.

c. Select the questionnaire.

d. Click the Properties tab.

2. Click the Lists tab.

3. Do one of the following:

• To create a new questionnaire values list, click Add New and select whether to make an
original list or copy an existing list. To select new settings for the values list, select Create a
new Values List from scratch. To use the settings of an existing values list, select Copy an
existing Values List and select the existing values list from the list. Click OK.

• To edit the properties of an existing list, click the name of the list in the Name column.
The Manage Questionnaire Values List page is displayed.

4. Complete the General Information section:

a. In the Name field, enter the name for the list.

b. In the Description field, enter a description.

c. In the Alias field, update the alias for the list.

5. In the Values section, add or edit the values in a values list.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Customizing the Layout of a Questionnaire


Once you add questions and fields to a questionnaire, you can arrange their layout using the Layout
tab of the Manage Questionnaires page. The options for arranging the layout of a questionnaire are
the same as arranging the layout of an application, except that you work on the Manage
Questionnaires page rather than on the Manage Applications page.

Note: For information about mobile layouts for mobile ready questionnaires, see Creating Mobile
Ready Questionnaires.

In addition, the questionnaire already includes a variety of system-generated fields arranged in
sections within the layout. These fields enable you to assign submitters and reviewers, to specify due
dates, and to identify the year and quarter for all questionnaire records in an assessment campaign.
Some of the system fields are read-only calculated fields that contain the status of a questionnaire
record, the score of the completed record and links to findings that were generated for incorrect
answers. System-generated fields are not available in a mobile-ready questionnaire.
When adding questions, try to group your questions into sections, especially if you have a large
number of questions. Sections help to visually organize a questionnaire for the benefit of the users.
All fields moved on to the mobile layout are maintained in the sections to which they belong on the
web layout.
See the Layouts section for more information.

Creating Data Driven Events for a Questionnaire


By creating data driven events (DDEs) within a questionnaire, you can automate a variety of actions
based on values or dates within individual questionnaire records. Data driven events, which are
configured on the Events tab of the Manage Questionnaires page, provide two types of conditional
actions: the ability to change certain parameters of the user interface based on specific field values
and the ability to generate email notifications based on date information.

Important: When a data driven event includes a rule with a Set Date action and is used in a
questionnaire, the Review Date and Submit Date must be included in the General Information
section of the questionnaire. By default, these fields are included in this section.

System-generated questionnaire events


When you create a questionnaire, a series of data driven events are generated by the system and
added to your questionnaire. An event is made up of two parts: a rule and an action. These data
driven events help your organization automate some of the manual processes involved in submitting
and reviewing questionnaire records. Each rule is described in the following table.

Rule | Action Type | Description
Hide Findings Grid | Apply Conditional Layout | This action hides the Findings section when no findings have been associated with the questionnaire record.
Quantitative Summary Section Display | Apply Conditional Layout | This action provides the Quantitative Summary Section when all the questions displayed within the questionnaire record have been answered.
Set Review Date | Set Date | This action sets the Review Date field within a questionnaire record to the current date when the value in the Review Status field changes to Approved or Rejected.
Set Review Status Upon Re-Submission | Set Values List Selections | This action sets the Review Status field to Awaiting Review when the value in the Submission Status field changes to Re-Submitted.
Set Submission Date | Set Date | This action sets the Submission Date field within a questionnaire record to the current date when the value in the Submission Status field changes to Submitted or Re-Submitted.
Set Submission Status List Values | Set Values List Selection, Filter Values List Items | These actions limit the values available for selection in the Submission Status field to In Process and Re-Submitted when the value of the Review Status field changes to Rejected.

See the Data Driven Events section for more information and detailed steps for creating DDEs.

Designating Navigation Menu Items


You can select which menu items display for a questionnaire in the Navigation Menu. In addition to
configuring the display of menu items in the Navigation Menu, you can define default search settings
for searches executed in the questionnaire from the Navigation Menu. These searches include the
fields that are displayed, and the sort order of those fields.

Menu item types

Menu Item | Description
Default | By default, the following items display in the Navigation Menu: Search Records, New Record, Records, Data Import, Reports. If you do not want a default item to appear in the Navigation Menu, clear the checkbox for that item.
field name | Certain field types are labeled as By field name menu items and enable you to search for records that include that specific field value. The following field types enable quick filtering from the Navigation Menu: Cross-Reference, Matrix, Record Permissions, Record Status, User/Groups List, Values List.
data level | For leveled applications, the menu items are labeled By data level and enable you to select records that reside within a specific data level.

Designate menu items for the Navigation Menu

1. Go to the Navigation Menu tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaire.

c. Select the questionnaire.

d. Click the Navigation Menu tab.

2. In the Show Item column, do one of the following:

• To show a menu item, click the checkbox for that item.

• To hide a menu item, clear the checkbox for that item.

3. (Optional) To edit additional properties of a menu item, do the following:

a. In the Menu Item column, click the item name.

b. Set any of the following options as applicable.

Option | Description
Visibility | Displays the item in the Navigation Menu.
Display Alias | Specifies the text that appears in the Navigation Menu for the item that you selected to display. If you selected to display the item in the Visibility field, you must provide the Display Alias.
Default Expansion | Expands the item node in the Navigation Menu by default. This field becomes available when the Visibility field is enabled.
Fields to Display | Specifies the fields that display in the search results when a user clicks one of these items to execute a search. The fields you select are listed under Records and By field or By data level menu items. Use below the Selected list to arrange the fields in the display order. Use to remove a field from the search results for a menu item.
Sorting | Specifies the list order of the fields displayed in search results, which is executed when a user clicks the menu item. Use the Field drop-down menu to specify whether the search results are initially sorted in ascending or descending order. You can add new fields to sort by.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Defining Workflows for Questionnaires


By default, questionnaires include two User/Group List fields: Submitter and Reviewer. These fields
facilitate a two-stage workflow process. You can define the workflow process by doing the
following:
• Defining the users and groups available for selection in these fields.

• Promoting the users and groups fields to Record Permissions fields if you want to use them to
control access to questionnaire records.

• Adding User/Groups List or Record Permissions fields to expand the content review process
according to your risk management methodologies.

In addition, you can define a workflow or advanced workflow for a questionnaire.

Workflow and Advanced Workflow are separate features available in RSA Archer GRC. RSA
strongly advises against simultaneously enrolling records in both features. Enrolling records in both
Workflow and Advanced Workflow at the same time adversely affects record layouts and creates
confusion when identifying when a record has successfully progressed through a workflow.
The following table contains information to help you determine which feature suits your needs best.

Workflow. Use if you want to do the following:

• Create a linear content review process within applications, leveled applications, or
questionnaires.

• Send notifications only after content is updated and saved by a user.

• Enable only user-initiated enrollment options.

Advanced Workflow. Use if you want to do the following:

• Create complex non-linear workflow processes within applications, leveled applications, or
questionnaires.

• Send notifications to multiple users on-demand.

• Enable automatic enrollment for new records, updated records, or user initiated options.

• Visually depict the end-to-end advanced workflow process at the administrator level.

• Designate a specific name for each node to easily identify the intent of each stage in your
workflow process.

• Create tasks that are linked to the task-driven landing screen of specified users.

See one of the following:


• For more information about advanced workflow and detailed steps for using them, see the
Advanced Workflow section.

• For more information about workflow and detailed steps for using them, see the Workflow
section.

Configuring Display Rules for Questionnaires


Using display rules allows you to utilize a single questionnaire for all targets of one type (such as all
vendors), even if those targets vary in their individual attributes. Without display rules, you would
have to create separate questionnaires for each variation of your target type. For example, you would
have to create one questionnaire for vendors that have access to your confidential data and another
questionnaire for vendors that do not. Display rules give you the flexibility to centralize all questions
for a target type in a single questionnaire, which saves you time and enables you to use your
additional questionnaire licenses to assess other types of targets (such as assets, controls, business
processes, and so on).

Display rule types - show and hide

• Show Rules - Enable you to display specific questions within a questionnaire record based on the
attributes of your questions and of the assessment target. For example, you could create a show
rule specifying that when a target vendor provides payment handling services to your company,
the questionnaire record for that vendor should show questions related to access authorization,
encryption and intrusion detection, and all questions related to the Payment Card Industry (PCI)
Data Security Standard. When you define show rules, it is important to note that only the
questions that meet your rule criteria are displayed. All other questions are omitted from the
questionnaire.

• Hide Rules - Allow you to hide specific questions within a questionnaire record based on
attributes of your questions and of the assessment target. For example, you have created a hide
rule specifying that when a target application is used to manage internal accounting processes, the
questionnaire record should exclude questions related to encryption but display all other questions
related to applications. When you define hide rules, it is important to note that all questions in the
questionnaire except for those you select to hide are displayed in questionnaire records for targets
that meet the rule criteria. Questions that are hidden within a questionnaire record are not counted
when the score for the questionnaire is calculated, nor are they counted when the system
calculates the overall completion status of the assessment campaign.

Display rules and question filters


Display rules are based on the filter properties that you assign to a question. Each filter must have a
name and list of values, and you can create and assign any number of filters to a question. For
example, the name of your filter could be "Customer Data," and the available values could be "Yes"
and "No." When you assign the filter to a question, you will select the filter and the specific filter
value that applies to the question. For example, you would apply the "Customer Data: Yes" filter to
the following question: "Do you have a documented program in place to dispose of customer data
when you no longer need to handle it?"


Then, for example, you have defined a question display rule for a questionnaire that assesses targets
in your Vendors application. The question display rule specifies that if a vendor handles the financial
information of your customer, the questionnaire should display all questions with the following filter
properties:
• Customer Data: Yes

• Financial Data: Yes

When a vendor relationship manager in your organization fills out the questionnaire to assess a
vendor that handles the financial information of your customer, the manager is prompted to answer
all questions with these filter properties, as determined by the question display rule that you defined.

How display rules are evaluated


Question display rules are evaluated only one time for each questionnaire record. Each show rule
and hide rule is evaluated individually at the time of record creation to determine the appropriate
questions to display in the questionnaire. The system first evaluates the show rules and generates a
list of questions to show based on attributes of the assessment target. Then the system evaluates the
hide rules, generates a list of questions to hide, and removes those questions from the show list.
Finally, a questionnaire record is created that includes only those questions that are applicable to the
assessment target.
If the assessment target changes after the questionnaire record for that target has been created, the
display rules are not re-evaluated for the questionnaire. For example, if the target is an application
that is changed from Development to Production status, the questionnaire record is not updated to
include questions related to production environments. To include these questions in a questionnaire
for the application, you would need to create a new questionnaire record for the application.

Configure show and hide rules for questionnaires

1. Go to the Properties tab of the questionnaire you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaire.

c. Select the questionnaire.

d. Click the Properties tab.

2. Click the Rules tab.

3. Complete one or both of the following:

• To create a show rule, in the Show Rules section, click Add New.

• To create a hide rule, in the Hide Rules section, click Add New.

4. Complete the General Information section.

5. In the Target Application Conditions section, define the conditions within the assessment target
that will cause the rule to prove true.

a. In the Field To Evaluate column, select the field to evaluate for one or more specific values.

b. In the Operator column, select the filter operator.

c. In the Value(s) column, select the values for the condition.

d. If you have created more than one condition, you can apply advanced logic to your search
criteria.

Note: To create additional conditions, click Add New.

6. Add more conditions, if needed, to the Target Application Conditions section. To add more
conditions, click Add New.

7. In the Question Display Actions section, define which questions to show or hide in the
questionnaire record when the rule evaluates to true for the target of the assessment. In the Filter
Property column, select the question property that you want to use to determine which questions
to show or hide when the rule criteria are met.

8. In the Operator column, select one of the following operators to define the relationship between
the question property and the specific filter values that will cause a question to be shown or
hidden when the rule proves true:

Operator | Description
Contains | If the question is configured with the filter property and value, the question will be shown or hidden. The question may also have other values in the same filter property. For example, if you specify the filter "Confidentiality: High" where "Confidentiality" is the filter property and "High" is the value, a question that includes the filter "Confidentiality: High" and the filter "Confidentiality: Medium" will be shown or hidden.
Does not Contain | If the question is configured with the filter property and value, the question will be shown or hidden. The question may also have other values in the same filter property. For example, if you specify the filter "Confidentiality: High" where "Confidentiality" is the filter property and "High" is the value, a question that includes the filter "Confidentiality: High" and the filter "Confidentiality: Medium" will be shown or hidden.
Equals | If the question is configured with the filter property and only the value you specify, the question is shown or hidden. For example, if you specify the filter "Confidentiality: High" and a question includes the filters "Confidentiality: High" and "Confidentiality: Medium," that question is not displayed or hidden because it is not an exact match.
Does not Equal | If the question is not configured with the exact filter property and value, the question is shown or hidden. The question may have the filter property and value you specify, but if it also has other values in the same property, it is not an exact match. For example, if you specify the filter "Confidentiality: High" and a question includes the filters "Confidentiality: High" and "Confidentiality: Medium," that question is shown or hidden.

9. In the Value(s) column, select the specific filter values that should trigger a question to be shown
or hidden.
For example, if you selected the Criticality property in the Filter Property column, you could
select the value "High" in the Value(s) column. All questions created with this specific filter
value are shown or hidden, depending on the type of display rule that you are creating.

10. Add more conditions, if needed, to the Question Display Actions section.

11. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
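The evaluation order and operators described above, modelled in Python as an added example (this is not RSA Archer code and not part of the original guide). The class and function names, the single-field target condition, the reading of Does not Contain as the negation of Contains, the handling of questionnaires with no show rules, and the sample data are all assumptions. The drift check identifies records that must be recreated because display rules run only once, at record creation.

```python
from dataclasses import dataclass


@dataclass
class Question:
    name: str
    filters: dict  # filter property -> set of assigned values


@dataclass
class DisplayRule:
    kind: str             # "show" or "hide"
    target_field: str     # Field To Evaluate on the assessment target
    target_values: set    # rule proves true when the target's value is one of these
    filter_property: str  # question filter property, e.g. "Environment"
    operator: str         # Contains | Does not Contain | Equals | Does not Equal
    filter_values: set


def question_matches(question, rule):
    """Apply the Question Display Action operator to one question."""
    assigned = question.filters.get(rule.filter_property, set())
    wanted = rule.filter_values
    contains = bool(wanted) and wanted <= assigned  # other values may also be present
    if rule.operator == "Contains":
        return contains
    if rule.operator == "Does not Contain":  # assumption: negation of Contains
        return not contains
    if rule.operator == "Equals":            # exact match, no extra values
        return assigned == wanted
    if rule.operator == "Does not Equal":
        return assigned != wanted
    raise ValueError(f"unknown operator: {rule.operator}")


def evaluate_display_rules(questions, rules, target):
    """Show rules build the list first, then hide rules remove from it."""
    active = [r for r in rules if target.get(r.target_field) in r.target_values]
    if any(r.kind == "show" for r in rules):
        shown = {q.name for q in questions for r in active
                 if r.kind == "show" and question_matches(q, r)}
    else:
        # Assumption: with no show rules defined, every question starts as shown.
        shown = {q.name for q in questions}
    hidden = {q.name for q in questions for r in active
              if r.kind == "hide" and question_matches(q, r)}
    return [q.name for q in questions if q.name in shown and q.name not in hidden]


def drift(record_questions, questions, rules, current_target):
    """Compare a stored record with what the rules would produce today."""
    expected = evaluate_display_rules(questions, rules, current_target)
    missing = [n for n in expected if n not in record_questions]
    obsolete = [n for n in record_questions if n not in expected]
    return missing, obsolete


# Constructed sample data, loosely following the guide's examples.
QUESTIONS = [
    Question("Change control 1", {"Environment": {"Production"}}),
    Question("Code review 1", {"Environment": {"Development", "Production"}}),
    Question("Encryption 1", {"Environment": {"Development", "Production"},
                              "Topic": {"Encryption"}}),
    Question("Sandbox 1", {"Environment": {"Development"}}),
]
RULES = [
    DisplayRule("show", "Status", {"Development"}, "Environment", "Contains", {"Development"}),
    DisplayRule("show", "Status", {"Production"}, "Environment", "Contains", {"Production"}),
    DisplayRule("hide", "Use", {"Internal accounting"}, "Topic", "Equals", {"Encryption"}),
]

if __name__ == "__main__":
    target = {"Status": "Development", "Use": "Internal accounting"}
    record = evaluate_display_rules(QUESTIONS, RULES, target)  # fixed at creation
    print("record created with:", record)
    target["Status"] = "Production"  # the target changes after record creation
    missing, obsolete = drift(record, QUESTIONS, RULES, target)
    print("missing from the stored record:", missing)
    print("no longer applicable:", obsolete)
```

A non-empty result from `drift` marks a questionnaire record whose question set no longer matches its target, which per the guide is resolved by creating a new questionnaire record.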

Enabling Automatic Generation of Findings for Questionnaires


Important: The Control Standards application must be licensed for findings to be generated for core
questionnaires.

You can configure a questionnaire to automatically generate findings when a user answers one or
more questions incorrectly while filling out the questionnaire. By default, findings are created for a
questionnaire record when the value in the Submission Status field is changed to Submitted. You can
change this default condition, or you can create additional conditions that will trigger findings
creation. For example, you can generate findings when a questionnaire record is submitted and when
it is approved. If multiple conditions are defined, all of them must be met in order to trigger findings
creation.

Note: A finding is created only once for each incorrectly answered question. So if a finding is
created for a question when the questionnaire is submitted, and that same question is still incorrectly
answered when the questionnaire record is marked Approved, the system does not create another
finding for that question.

As an optional step, you can create static or dynamic content that is displayed in the Description
field in all findings generated for the questionnaire.
Each finding generated by the system is prepopulated with the following:
• Question that was incorrectly answered.

• Incorrect answer the user selected.

• Specific target of the assessment.

• Questionnaire record in which the question was incorrectly answered.

• Authoritative source related to the question that was incorrectly answered (if applicable).

• Control standard related to the question that was incorrectly answered (if applicable).

The prepopulation of Findings records enables you to report on areas of non-compliance by target,
questionnaire, question, authoritative source, and control standard. As you remediate findings, you
also can monitor areas of improvement in your compliance posture.

Note: You can add the Findings application to the same solution as your questionnaire to access the
Findings application from the Navigation Menu for the purposes of searching and managing records.

Enable automatic generation of findings for a questionnaire

1. Go to the Properties tab of the questionnaire you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Properties tab.

2. Click the Findings tab.

3. In the Generation section, select Enable automatic generation of findings based upon answers
within the questionnaire.

Note: If you do not enable findings for a questionnaire, the Quantitative Summary section within
individual questionnaire records is not included in the Findings column.

4. Complete the Findings Generation Condition section.

Note: If you have created more than one condition, you can apply advanced logic to your search
criteria.

5. In the Findings Generation section, enter the default text to be displayed in the Description field
of Findings records.
By default, the Description field within individual Findings records is populated with information
about the question that was answered incorrectly. You can modify the default text using any of
the following dynamic elements:
• [Question Name]. This element is the question label, not the question text. For example, the
question name might be "Encryption 1" for the following question text: "Is strong encryption
used for restricted information?"

• [Question]. This element is the question text, such as "Is sensitive cardholder data securely
disposed of when no longer needed?"

• [Answer]. This element is the incorrect answer the user provided, such as "No, we do not
dispose of cardholder data."

• [Weighted Score]. This element is the weighted score for the question, which the system
generates by multiplying the question weight and the numeric value associated with the
incorrect answer.

For example:
The question "[Question]" was answered incorrectly:
Question: [Question Name]
Answer: [Answer]
Question Risk Score: [Weighted Score]

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
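The findings behavior described in this section, sketched in Python as an added example (this is not RSA Archer code and not part of the original guide). The function names, the dictionary shapes, and the sample answers are assumptions. The sketch covers the all-conditions-must-be-met trigger, the one-finding-per-question rule, and the weighted score and dynamic elements of the Description text.

```python
import re
from dataclasses import dataclass


@dataclass
class AnsweredQuestion:
    name: str             # [Question Name], the question label
    text: str             # [Question], the question text
    answer: str           # [Answer], the answer the user selected
    numeric_value: float  # numeric value associated with that answer
    weight: float         # question weight
    correct: bool


# Default condition from the guide: Submission Status changes to Submitted.
DEFAULT_CONDITIONS = {"Submission Status": "Submitted"}

DESCRIPTION_TEMPLATE = (
    'The question "[Question]" was answered incorrectly:\n'
    "Question: [Question Name]\n"
    "Answer: [Answer]\n"
    "Question Risk Score: [Weighted Score]"
)

_ELEMENT = re.compile(r"\[(Question Name|Question|Answer|Weighted Score)\]")


def weighted_score(a):
    """Question weight multiplied by the numeric value of the incorrect answer."""
    return a.weight * a.numeric_value


def render_description(template, a):
    """Replace each dynamic element in a single pass, so text that a user typed
    into an answer (for example "[Question]") is never expanded a second time."""
    values = {
        "Question Name": a.name,
        "Question": a.text,
        "Answer": a.answer,
        "Weighted Score": f"{weighted_score(a):g}",
    }
    return _ELEMENT.sub(lambda m: values[m.group(1)], template)


def generate_findings(record_fields, answers, existing,
                      conditions=DEFAULT_CONDITIONS, template=DESCRIPTION_TEMPLATE):
    """Return the findings created by this evaluation.

    `existing` maps question name -> finding for this questionnaire record and
    is updated in place; a question that already has a finding is skipped.
    """
    # If multiple conditions are defined, all of them must be met.
    if not all(record_fields.get(f) == v for f, v in conditions.items()):
        return []
    created = []
    for a in answers:
        if a.correct or a.name in existing:
            continue
        finding = {
            "question": a.name,
            "answer": a.answer,
            "description": render_description(template, a),
        }
        existing[a.name] = finding
        created.append(finding)
    return created


# Constructed sample answers for one questionnaire record.
ANSWERS = [
    AnsweredQuestion("Encryption 1",
                     "Is strong encryption used for restricted information?",
                     "No", numeric_value=5, weight=3, correct=False),
    AnsweredQuestion("Disposal 1",
                     "Is sensitive cardholder data securely disposed of when no longer needed?",
                     "Yes", numeric_value=0, weight=2, correct=True),
]

if __name__ == "__main__":
    findings = {}
    record = {"Submission Status": "Submitted", "Review Status": "Awaiting Review"}
    for f in generate_findings(record, ANSWERS, findings):
        print(f["description"])
    record["Review Status"] = "Approved"
    again = generate_findings(record, ANSWERS, findings, conditions={"Review Status": "Approved"})
    print("findings created on approval:", len(again))
```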

Setting the Execution Order for Multiple Calculated Fields


If you are working with a questionnaire that contains multiple calculated fields and the formula for
one calculated field is dependent on the result of another calculated field, you must specify the order
in which you want to compute the calculated fields.

Note: When you add a new calculated field to a questionnaire, it displays at the bottom of the list in
the Field Calculation Order listing.

Set the execution order for multiple calculated fields

1. Go to the Calculations tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Calculations tab.

2. Go to the Field Calculation Order section.

3. Drag and drop each field name into the Formula section until all the fields are in the calculation
order you want.

4. Click Save.

Setting Behaviors of a Questionnaire


The behaviors of a questionnaire include:
• Whether task management for workflow is enabled.

• Whether users receive notifications when content is updated.

• Whether spell check is run automatically when a record is saved.

• Whether users with update rights can edit a record directly from the key field link of search
results.

• Whether the default language is that of the user locale and not of the instance.

Enable direct edit mode


The direct edit mode allows users to open a record for editing from a search results list. Users with
update rights can open an editable record instead of a view-only record when they click the key field
link for a record in a Search Results list.

1. Go to the General tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

2. In the Options section, select the Direct to Edit checkbox.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Enable or disable notifications


When notifications are enabled, end users are allowed to receive notifications when content in the
questionnaire is published or updated.

1. Go to the General tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

2. In the Options section, do one of the following:

• To enable notifications, select the Notifications checkbox.

• To disable notifications, clear the Notifications checkbox.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Enable or disable task management


If you are using Workflow or Advanced Workflow, you must enable task management. Enabling
task management for a questionnaire lets users easily track and manage open and
completed activities associated with specific content records.
When you enable task management capabilities for a questionnaire, a related records field is placed
on the questionnaire layout.

Components of the related records field include:

• Open Tasks/Activities. Lists all of the open Task Management records associated with the
content record.

• Activity History. Lists all of the closed Task Management records associated with the content
record.

1. Go to the General tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

2. In the Options section, do one of the following:

• To enable task management, select the Task Management checkbox. If you want to rename
the default settings for the related record fields, do the following:

a. In the Task Field Name field, enter the name of the task, for example,
Open Tasks/Activities.

b. In the History Grid Label field, enter the name of the task, for example, Closed Tasks.

• To disable task management, clear the Task Management checkbox.

Note: If you disable task management, Task Management records are no longer viewable in
records of the associated questionnaire. However, all Task Management records still are
stored in the Task Management application. If task management is subsequently reactivated,
all existing Task Management records are displayed with their associated content records.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Enable spell check


Use this option to automatically spell check a record each time it is saved in a questionnaire.

1. Go to the General tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

2. In the Options section, select the Spell Check checkbox.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Select a default format for search results


You can select a default format for search results generated from the Records link in the Navigation
Menu, and from the Search Records page.

1. Go to the General tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

2. In the Options section, in the Search Results field, select one of the following formats.

Options                 Description

Column - Hierarchical   Displays the search results in a columnar layout where fields are displayed
                        across the page from left to right, and the values in the search results
                        fields are presented showing relationships.

Column - Flat           Displays the search results in a simple columnar layout without any grouping
                        of values.

Row                     Displays the search results in a row layout with fields stacked vertically
                        and records separated by horizontal lines.

Summary                 Displays the search results in a simple block record format with the key
                        field as the heading for each record. Fields in the search display as values
                        only in a single paragraph with each value separated by a diamond symbol.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Change the default language

1. Go to the General tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

2. In the Options section, in the Language field, click Change.

3. From the Language list, select a default language for the questionnaire.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Assigning Application and Questionnaire Owners and Report Administrators

Application and Questionnaire owners have unrestricted access to all record content in their
applications or questionnaires, including sub-form content. If you are an owner for one or more
applications or questionnaires, you can open those applications and questionnaires for editing from
the Manage Applications and Questionnaire page. When you access this page, you see all of the
applications and questionnaires that administrators in your organization have created, but you can
only edit those applications and questionnaires for which you have ownership rights. If no users have
been assigned ownership, only users who have been granted the System Administrator access role
can open the applications and questionnaires for editing.

Application and Questionnaire owners


You can select the users who will serve as owners of an application or questionnaire.

Note: If you want to edit notifications associated with an application, an administrator must assign
you an access role that gives you access to the Manage Subscription Notifications page.

• Owners have full editing rights over their designated applications and questionnaires, which
means they can fully customize their properties. This includes adding and arranging fields in the
application or questionnaire, enabling notifications, configuring data driven events, and others.

• Ownership is automatically granted to the user who creates the application or questionnaire.
However, your rights can be revoked by any other user who is subsequently granted ownership of
the application or questionnaire.

As an application or questionnaire owner, you can:


• Create new records in the application or questionnaire and its sub-forms.

• View all records and field content in the application or questionnaire and its sub-forms, regardless
of record-level or field-level permissions.

• Update all records in the application or questionnaire and its sub-forms.

• Delete any existing records in the application or questionnaire and its sub-forms.

• Create global reports for the application or questionnaire as report administrators.

Report administrators
You can assign permissions to users and groups for creating and editing global reports in a specific
application or questionnaire.

• Global reports can be shared with any user in the application or questionnaire, but only users with
access to the application or questionnaire for which the report was created can see the contents of
the report.

• Users who do not have global report creation rights can only create personal reports, which
cannot be shared with other users.

Assign application or questionnaire owners and report administrators

1. Go to the Administration tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Administration tab.

2. In the Applications or Questionnaire Owners control group, click and do the following:

a. From the Available list, select the users or groups you want to specify as the application or
questionnaire owners.

b. (Optional) Search for a specific user or group name.

3. In the Report Administrators control group, click and do the following:

a. From the Available list, select the users or groups you want to specify as the application or
questionnaire owners.

b. (Optional) Search for a specific user or group name.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Revoke ownership or report administrators

1. Go to the Administration tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Administration tab.

2. Do one of the following:

• To revoke ownership, click in the Applications or Questionnaire Owners field and click
to the right of the appropriate name in the Selected list.

• To revoke report administrators, click in the Report Administrators field and click to the
right of the appropriate name in the Selected list.

3. Click OK.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Creating Campaigns to Launch Questionnaires


An assessment campaign enables you to automatically generate questionnaire records for specific
assessment targets. For example, if the target of the questionnaire is a Devices application, the
campaign can auto-create questionnaire records for all devices in a production environment.
Campaigns may be configured to populate questionnaire records with the year, quarter, and due date
of the assessment, along with the assigned submitter and reviewer. Recurring campaigns can be
launched, and multiple campaigns may be created for each questionnaire.
You can create any number of campaigns for a questionnaire, enabling you to reuse the
questionnaire many times. You can configure the campaign to populate questionnaire records with
certain values, for example, year, quarter, due date, submitter, and reviewer. In addition, you can
create rules that determine which specific records in the target application require the creation of a
questionnaire record. For example, you can define a rule that generates questionnaire records only
for vendors with an active status. If you do not define any target generation rules, the campaign
creates questionnaire records for every record in the target application.
You can create campaigns that are generated automatically or manually.

• Automatic campaigns can be recurring or scheduled. A recurring campaign creates a campaign
that is evaluated when the specified target record is saved. A scheduled campaign creates a
campaign that is executed on a schedule.

• Manual campaigns are initiated by a user, which triggers the creation of questionnaire records.

Prior to launching a campaign, you can make any necessary changes to the campaign, including
adding or editing target generation rules. After a manual campaign is launched, you cannot make
further changes. If you need to modify a manual campaign after it is launched, you must create a
new campaign.

Create a campaign to launch a questionnaire

1. Go to the Properties tab of the questionnaire you want to modify.

a. From the menu bar, click Administration.

b. Under Application Builder, click Manage Questionnaires.

c. Select the questionnaire.

d. Click the Properties tab.

2. Click the Campaigns tab.

3. Do one of the following:

• To create an automated campaign, click Add New in the Automated Campaigns section. In
the Type list on the Manage Questionnaire Campaign page, select one of the following
options.

Option               Description

Recurring Campaign   Creates a campaign that is evaluated when the specified target record
                     is saved.

Scheduled Campaign   Creates a campaign that is executed on a scheduled basis.

• To create a manual campaign that must be launched by the user, click Add New in the
Manual Campaigns section.

4. Complete the General Information section.

5. In the Optional Campaign Attributes section, select default values.

Note: The target application must contain a User/Groups List or Record Permissions field to
assign the submitter and reviewer for each questionnaire record triggered by the campaign.
When the campaign triggers the creation of a questionnaire record for a specific asset, such as a
database server, the owner of that asset automatically is assigned as the submitter for the
questionnaire record.

6. Create a target generation rule to filter the list of specific targets that need to be assessed. In the
Target Generation Conditions section, do the following:

a. In the Field To Evaluate column, select the field to evaluate for one or more specific values.
To create additional conditions, click Add New.

b. In the Operator column, select the filter operator.

c. In the Value(s) column, select the values for the condition.

d. (Optional) If you have created more than one condition, you can apply advanced logic to your
search criteria.

7. (Optional) If you are creating a Scheduled campaign, in the Schedule Properties section, select
values from the Frequency, Time, and Time Zone lists.

8. Click Save.

Note: After a campaign has run, you can view the Campaign Execution History report by
clicking the Report icon for that campaign.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Attaching Documentation to Questionnaires


Complete this task to attach supporting documentation to a questionnaire, such as design
specifications, approval forms, or other documentation.
If you are using the Relationship Visualization feature and have created the visualization XML file,
attach this file to the application or questionnaire. For more information on the Relationship
Visualization feature, see the Configuring Relationship Visualization topic in the RSA Archer GRC
Online Documentation.

Attach documentation to a questionnaire

1. Go to the General tab of the questionnaire to which you want to attach a file.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Click the questionnaire.

2. In the Documentation section, click Add New.

3. Select the document file or files that you want to add to the questionnaire.

4. Click OK.

5. Click Save.

Creating Mobile Ready Questionnaires


The Mobile Ready functionality is available only if RSA Archer GRC is licensed for Mobile
Questionnaires. To make a questionnaire mobile ready, you must define both a web layout and a
mobile layout. The mobile ready functionality can be applied only to questionnaires with an assigned
Target and a defined Submitter.
The following conditions apply to mobile ready questionnaires:
• Assessments are validated after users upload them from the mobile app to the GRC Platform.

• Calculated and data-driven event fields are not supported on mobile devices.

• Findings are generated if automatic finding generation is enabled, and if all required questions in
the questionnaire have been answered.

• Users can synchronize specific data in the mobile questionnaire to the GRC Platform.

Supported and unsupported fields


The following field types are supported for updating or read-only use on a mobile device, and for
placement on the mobile layout.

Fields Supported for Updating                    Fields Supported for Read-Only Access

Comments                                         First Published Date
Date                                             Last Updated Data
External Links                                   Record Permissions
Image (attach a photo from the mobile device)    Record Status
IP Address                                       Tracking ID
Numeric
Text
Values List

The following fields and field types are unsupported on the mobile device or for placement on the
mobile layout. Custom Objects and Placeholders layout elements are ignored on the mobile device.

Unsupported System Fields    Unsupported Field Types

Access History               Attachments (Exception: Photos can be uploaded from the mobile
                             device to RSA Archer GRC)
Calculated Fields            CAST (ScoreCard)
History Log                  Discussion Forum
Record Status                Matrix
                             MRDC
                             Record Permission Fields
                             Scheduler
                             Sub-form (except comment)
                             Users/Groups
                             Voting

Step 1: Make a questionnaire mobile ready

1. Go to the Layout tab of the questionnaire you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the General tab.

2. In the Options section, select the Mobile Ready checkbox.

Step 2: Configure the mobile layout

Note: Only data defined in the mobile layout of the questionnaire will be downloaded to the mobile
device.

1. Go to the Layout tab of the questionnaire you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the Layout tab.

2. In the Layout list, select Mobile.

3. Add or remove the fields and sections from the Available panel to the Selected panel using the
following actions:

Action                          Task

Add individual fields           Click the field in the Available Fields panel that you want to
                                move to the mobile layout.

Add entire sections             Click on the Section title in the Available panel that you
                                want to move to the mobile layout.

Add all fields and sections     Click on the Available Fields title bar and click Add All
                                to Selected Fields.

View unsupported field types    Click on the Available Fields title bar and click Show
                                Unsupported Field Types.

Hide unsupported field types    Click on the Available Fields title bar and click Hide
                                Unsupported Field Types.

Remove individual field         Click the field in the Selected Fields panel that you want
                                to remove from the mobile layout.

Remove entire sections          Click on the Section title in the Selected Fields panel that
                                you want to remove from the mobile layout.

Remove all unrequired fields    Click on the Selected Fields title bar and click Remove
and sections                    All From Selected Fields.

Note: The following table describes the icons that might be displayed in the field bar of a field.
Required fields are denoted with an asterisk (*).

Icon Name                  Description

Key field                  Denotes the field is a key field.

Private field              Denotes the field is a private field.

Calculated field           Denotes the field is a calculated field.

Grid (Table field type)    Denotes the field is a table field type.

Unsupported field types    Denotes the field is an unsupported field type for mobile devices.
                           The Unsupported Field Types icon is applicable to mobile layout only.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 3: Set synchronization criteria


The criteria you set for synchronizing assessments of mobile-ready questionnaires determine which
assessments are downloaded from the GRC Platform to a mobile device. The Mobile Sync Condition
Options determine the filtering criteria for synchronizing assessments. Assessments are downloaded
to the mobile device after the mobile sync conditions have been set.
Please note the following important items:

• Only fields on the mobile layout will be downloaded to the mobile device in the questionnaire.
Nested cross-reference fields and Description fields are not downloaded.

• You can set the criteria only when questionnaires are licensed for mobile availability, and after
you select a questionnaire to be mobile ready and define Target and Submitter (user).

1. Go to the General tab of the questionnaire you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

d. Click the General tab.

2. In Options, verify that the questionnaire is mobile ready.

3. Click the Properties tab.

4. Click the Mobile tab.

5. In Field To Evaluate, select the field to evaluate.

6. In Operator, select the value for the condition.

7. In Value(s), select the field value that must meet the condition.

8. Do one of the following:

• Repeat steps 4 – 7 for all condition statements that you want to add. After adding the second
condition, click Add New to add a blank row, and then repeat steps 4 – 7.

• Go to step 9.

9. Do one of the following:

• In Advanced Operator Logic, enter the evaluation statement, for example
((1 OR 2) AND (3 OR 4)) AND NOT 5.

Note: Operator logic statements are evaluated left to right with parenthetical groupings
evaluated first. Advanced operator logic helps to eliminate extraneous data that may be
downloaded to the mobile devices.

• Go to step 10.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
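
The operator logic from step 9, as an added example that is not part of the RSA guide: a small Python evaluator that applies the stated rule (left to right, parenthetical groupings first) to numbered conditions, so a statement can be checked against sample records before it decides which assessments reach mobile devices. The field names, the sample records and the choice to bind NOT to the single condition or group that follows it are assumptions.

```python
import re

# Tokens of an operator logic statement: parentheses, AND/OR/NOT, condition numbers.
_TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|NOT\b|\d+)", re.IGNORECASE)


def tokenize(statement):
    """Split a statement such as '(1 OR 2) AND NOT 3' into upper-case tokens."""
    text = statement.strip()
    tokens, pos = [], 0
    while pos < len(text):
        match = _TOKEN.match(text, pos)
        if match is None:
            raise ValueError(f"unrecognized text at position {pos}: {text[pos:]!r}")
        tokens.append(match.group(1).upper())
        pos = match.end()
    return tokens


def evaluate(statement, results):
    """Evaluate a statement for one record.

    results maps each condition number to True or False for that record.
    AND and OR have equal rank and are applied strictly left to right;
    parenthetical groups are evaluated first. NOT negates the single
    condition or group that follows it (an assumption of this example).
    """
    tokens = tokenize(statement)
    pos = 0

    def operand():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("statement ends where a condition was expected")
        token = tokens[pos]
        pos += 1
        if token == "NOT":
            return not operand()
        if token == "(":
            value = sequence()
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("missing closing parenthesis")
            pos += 1
            return value
        if token.isdigit():
            number = int(token)
            if number not in results:
                raise ValueError(f"condition {number} is not defined")
            return results[number]
        raise ValueError(f"unexpected token {token!r}")

    def sequence():
        nonlocal pos
        value = operand()
        while pos < len(tokens) and tokens[pos] in ("AND", "OR"):
            operator = tokens[pos]
            pos += 1
            right = operand()
            value = (value and right) if operator == "AND" else (value or right)
        return value

    value = sequence()
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return value


def select_for_sync(records, conditions, statement):
    """Return the ids of the records for which the statement is true."""
    selected = []
    for record in records:
        results = {number: bool(test(record)) for number, test in conditions.items()}
        if evaluate(statement, results):
            selected.append(record["id"])
    return selected


# The statement given as the example in step 9.
PAGE_STATEMENT = "((1 OR 2) AND (3 OR 4)) AND NOT 5"

# Constructed conditions; the field names and values are hypothetical.
CONDITIONS = {
    1: lambda r: r["status"] == "In Process",
    2: lambda r: r["status"] == "Awaiting Review",
    3: lambda r: r["region"] == "EMEA",
    4: lambda r: r["region"] == "APAC",
    5: lambda r: r["decommissioned"],
}

# Constructed assessment records, one per outcome of the statement.
RECORDS = [
    {"id": "A-1", "status": "In Process", "region": "EMEA", "decommissioned": False},
    {"id": "A-2", "status": "Awaiting Review", "region": "APAC", "decommissioned": True},
    {"id": "A-3", "status": "Closed", "region": "EMEA", "decommissioned": False},
    {"id": "A-4", "status": "In Process", "region": "AMER", "decommissioned": False},
]

if __name__ == "__main__":
    print(select_for_sync(RECORDS, CONDITIONS, PAGE_STATEMENT))
    # Without parentheses, left-to-right evaluation reads "1 OR 2 AND 3" as
    # (1 OR 2) AND 3, which differs from the precedence most languages apply.
    print(evaluate("1 OR 2 AND 3", {1: True, 2: False, 3: False}))
```

Grouping every pair explicitly, as the guide's own statement does, removes the dependence on evaluation order.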

Changing the Questionnaire Status


The questionnaire status provides the means for creating a questionnaire for test purposes, archiving
a questionnaire so that data can no longer be entered, hiding a questionnaire when it is no longer
used, and for using a questionnaire to collect active data for your business.

Change the status of a questionnaire

1. Go to the General tab of the questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire.

2. In the Status field, select the status you want to use for the questionnaire.

Status Option   Description

Production      Production questionnaires can be launched to end users through assessment
                campaigns. Users can execute searches in these questionnaires and save those
                searches as reports. In other words, production questionnaires are available for
                use.

Development     A development questionnaire has all of the characteristics of a production
                questionnaire, except that it is displayed to end users with a watermark.

Archived        When you archive a questionnaire, end users can continue to search and view
                questionnaire content, but that content is read-only. You cannot launch archived
                questionnaires to end users through assessment campaigns. The Edit and Data
                Import options are disabled for archived questionnaires, and calculated fields
                and record permissions are not recalculated.

Retired         Retired questionnaires are not available to end users. You cannot launch retired
                questionnaires through assessment campaigns, nor can end users view existing
                questionnaire content. If you retire a questionnaire that is displayed in a
                Questionnaire Reference field within a target record (such as an Asset or
                Vendor record), the questionnaire is removed. Although retired questionnaires
                are hidden from end users, administrators can continue to modify retired
                questionnaires from the Manage Questionnaires page.

Note: If the questionnaire is mobile ready and the status is changed to Archived or Retired, the
questionnaire is no longer available on the mobile device. The mobile layout remains intact,
just as the web layout does, so that if the questionnaire is reactivated, the mobile layout is
available. The questionnaire is validated upon save when the status is changed to ensure that
certain conditions do not affect the mobile readiness. The validation checks for required fields
that are off layout and required fields that are unsupported field types. If either of these
conditions exists, the questionnaire will no longer be mobile ready.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Importing Data into a Questionnaire


You can use the Data Import feature to import data into a questionnaire from an external data file.
This is a great way to prepopulate questionnaire records with data from a previous assessment
campaign, enabling end users to simply update their previous answers rather than filling out a new
questionnaire record.
The data import process for a questionnaire is exactly the same as the process for applications.
Because questionnaire records must be linked to a target application, a reference to the target
application content record must be included in the external data file when creating new questionnaire
records.

Modifying a Questionnaire During the Assessment Cycle


RSA recommends that you configure a questionnaire completely before releasing it to users.
However, you may need to make minor changes during an assessment cycle. Depending on the
change, there may be an impact on content records created prior to the change.

Note: You can review changes made to the configuration of a question by viewing the History Log.

Changes to the following properties of a questionnaire impact content records created prior to the
change:

• Question text

• Answer text

• Question name

• Question field options

• Question weighting

• Category

• Standard fields

• References to authoritative sources and control standards

• Data driven events

• The default selection option for an answer

• The correct option for an answer

• The numeric value of an answer

• The text color and image of an answer

The following changes do not impact content records created prior to the change:

• Adding a new question

• Changing question filter properties

• Changing the findings options

• Creating a new campaign

• Inactivating an answer

Modify a questionnaire during the assessment cycle

1. Go to the questionnaire you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

c. Select the questionnaire you want to modify.

2. Add a filter property for the Retired question and select the property as True.

3. Add a rule to hide questions with the Retired filter property.

Note: Because hide rules take precedence over show rules, the question is hidden regardless of
any other question filter properties or question display rules.

4. Add a new question to the questionnaire with the new changes.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Questionnaires and Content


If you have delete permissions to the Manage Questionnaires page, you can delete questionnaires for
which you have ownership rights.
You can delete a question from a questionnaire. Once deleted, that question is removed from all
questionnaire records created prior to the deletion. It removes the question from the layout, deletes
any answers previously provided, and modifies the question count and scoring appropriately. It does
not modify any existing findings related to the deleted question.

Important: RSA recommends deleting a question only when you need to remove it from previous
and future questionnaire content records. To keep the questionnaire content records created prior to
the deletion, inactivate the existing answer values and leave only the N/A option available, selected
by default with a value of zero. You cannot inactivate a question, only the answers.

CAUTION: RSA Archer does not recommend moving a question off the questionnaire layout. This
does not change the question count or scoring records. Once it is removed from the layout, users
cannot complete the questionnaire and save the questionnaire content record.

Delete content from a questionnaire


You can quickly delete all records from a questionnaire. This feature is useful if you have created a
large number of records to test the functionality and performance of a new questionnaire.
Prior to deleting the content of a questionnaire, you must retire the questionnaire (see step 2 in the
following procedure). The content delete feature is available only for retired questionnaires.

Important: Use extreme caution when deleting content from a questionnaire. Once the content is
deleted, it cannot be recovered. RSA highly recommends that you create a backup of your data
before deleting questionnaire content. Do not import data into a questionnaire until the content delete
process is complete. If the questionnaire contains a large number of records, this process could take
several minutes. To determine whether all content has been deleted from the questionnaire,
reactivate the questionnaire and run a search to display all records. When your search returns zero
records, you can initiate a data import.

1. Back up questionnaire data.

2. Go to the General tab of the questionnaire you want to modify.

a. From the menu bar, click

b. Under the Application Builder section, click Questionnaires.

c. Select the questionnaire.

d. Click the General tab.

2. In the Status field, select Retired.

3. Click Apply.

4. Click the Administration tab.

5. In the Delete Questionnaire Content section, click Delete Content.

Note: If this button is unavailable, the questionnaire is not retired. See step 2.

6. In the Warning dialog box, select "I understand the implications of performing this operation."

7. Click OK.

The delete process may take several minutes to complete.

Note: You cannot import data into the questionnaire until the content delete process has finished.

Delete a questionnaire

1. Go to the Manage Questionnaires page.

a. From the menu bar, click .

b. Under Application Builder, click Questionnaires.

2. Select the row of the questionnaire that you want to delete.

3. Under the Actions column, click .

Chapter 4: Solutions
You can add solutions to group related applications or questionnaires that work together to address a
particular business need. For example, you can create a Customer Relationship Management
solution that houses the following applications: Accounts, Contacts, Opportunities, and Projects. By
grouping these applications into a solution, you can access these applications from the Workspace
menu, search these applications as a single entity from the Search feature, access reports for the
applications using a Solution filter on the Master Reports Listing, and more.
An application can be grouped into multiple solutions. For example, a Contacts application can be
associated with Vendor Management, Customer Relationship Management, and Service Request
solutions. By grouping an application with multiple solutions, you can reuse the same information for
a variety of purposes.

Adding Solutions
Adding a solution is the process of selecting applications and questionnaires and attaching
documentation, for example, design specifications, sign-off forms, and others. When you create a
solution, a workspace is also automatically created to support the solution. A system-specific iView
for the new workspace is displayed by default.

Add a solution

1. Go to the Manage Solutions page.

a. From the menu bar, click .

b. Under Application Builder, click Solutions.

2. Click Add New and do one of the following:

• To create a new solution, click Create a new Solution from scratch.

• To create a solution from an existing solution, do the following:

a. Click Copy an existing Solution to be modified.

b. Select the solution you want to copy.

3. Click OK.

4. In the General Information section, enter the name, alias, and description.

5. In the Applications section, click Add New.

6. Do one or more of the following:

• To assign one or more applications, select the applications you want.

• To assign one or more questionnaires, click the Questionnaires tab, and select the
questionnaires you want.

7. Click OK.

8. In the Applications section, select Menu Display or Quick Search to specify whether the
application or questionnaire is displayed in the navigation menu, as a quick search link, or both.

9. (Optional) In the Documentation section, do the following.

a. Click Add New.

b. On the File Upload dialog box, click Add New.

c. Select the file to upload and click Open.

d. Click OK.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Updating a Solution
Updating a solution is the process of adding or removing applications and questionnaires and
attaching documentation, for example, design specifications, sign-off forms, and others.

Update a solution

1. Go to the solution you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Solutions.

c. Select the solution.

2. In the General Information section, edit the name, alias, and description.

3. To update an application or questionnaire, click Add New in the Applications section.

4. Do one or more of the following:

• To add or remove one or more applications, select or deselect the applications you want.

• To add or remove one or more questionnaires, click the Questionnaires tab, and select or
deselect the questionnaires you want.

5. Click OK.

6. In the Applications section, select Menu Display or Quick Search to specify whether the
application or questionnaire is displayed in the navigation menu, as a quick search link, or both.

7. In the Documentation section, do one or both of the following.

• Add a new document.

a. Click Add New.

b. On the File Upload dialog box, click Add New.

c. Select the file to upload and click Open.

d. Click OK.

• Remove a document.

a. Click the button next to the document.

b. Click OK.

8. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Chapter 5: Fields
RSA Archer GRC provides a wide variety of field types that allow you to collect and shape
information according to your business needs. A field collects data that is displayed as an interface
control for your users as they create and update records in an application, questionnaire, solution,
and sub-form. Each field has a configurable set of properties that govern how the field displays in
the application and how (or whether) the user interacts with it.
You can add, edit, configure, and arrange data collection fields in applications, questionnaires,
solutions, and sub-forms. RSA Archer GRC includes Basic, Advanced, and System field types.
Each has a unique function and is available based on the type of application with which it is
associated.
To protect data integrity, you cannot change a field to another field type, for example, a Date
field to a Text field. Every application must have a key field.

Available field types


Data collection field types are divided into three categories: basic, advanced, and system. Field
types may or may not be available depending on the type of application into which you are adding
fields.

Basic field types

• Attachment
• External Links
• Date
• Image
• IP Address
• Numeric
• Text
• User/Groups List
• Values List
• Voting

Advanced field types

• Cross-Application Status Tracking (CAST)
• Cross-Reference (and the associated Related Records field)
• Discussion
• Matrix
• Multiple Reference Display Control
• Questionnaire Reference
• Record Permissions
• Scheduler
• Sub-Form

System field types


System fields do not allow data input from users. They are automatically populated by the system
when a record is saved.

• Access History
• First Published Date
• History Log
• Last Updated Date Field
• Record Status Field
• Tracking ID

Field types for mobile questionnaires


See Creating Mobile Ready Questionnaires.

Behavior and validation options by field type


When you add a field, each field type has behavior and validation options that control the way users
interact with the field. Some options require additional configuration. For example, a numeric field
can have defined numeric ranges, advanced display options, and a formula for calculating it based on
defined conditions.

Field name guidelines

• Limit field names to one or two words wherever possible. For example, Description is preferable
to Description of the Asset.

• To ensure readability, limit field name lengths to 20 characters wherever possible.

• Capitalize the first letter of each word in the field name. For example, Predicted Impact is
preferable to Predicted impact.

• Avoid redundant wording in field names. For example, using the word Asset is unnecessary in the
following series of fields: Asset Name, Asset Type and Asset Value.

• Use noun-based field names whenever possible. Avoid verb-based field names, for example, Set
Asset Name.

Operators by field type


Use the following operators for filtering rule conditions in a field type.

Field Type: Cross-Reference and Related Records, Matrix, Record Permissions, Text, User/Groups
List, Values List
Operator: Contains, Does Not Contain, Equals, Does Not Equal, Changed, Changed To, Changed From

Field Type: Date, First Published Date, Last Updated Date
Operator: Equals, Does Not Equal, Current, Last, Next, Greater Than, Less Than, Between, After
Today, Prior To Today, Changed, Changed To, Changed From

Field Type: IP Address, Record Status
Operator: Equals, Does Not Equal, Changed, Changed To, Changed From

Field Type: Numeric
Operator: Equals, Does Not Equal, Greater Than, Less Than, Between, Changed, Changed To,
Changed From

Field Type: Numeric Ranging
Operator: Contains, Does Not Contain, Equals, Does Not Equal, Greater Than, Less Than, Between,
Changed, Changed To, Changed From

Field Type: Sub-form
Operator: Changed

All fields have common and unique properties. The unique properties are managed through the
Options and Configurations tabs and vary based on the field type. Options determine the validation
rules and Configurations determine the valid input parameters for the field. You can also create
field-level help to assist users while working in an application and assign access privileges.

Dynamic Attributes
Dynamic field attributes determine what users are allowed to do when adding or editing records and
the behavior of the field under certain conditions. These attributes are defined in the Options tab of
the field type.

Attribute: Calculated Field
Description: Designates the field as a calculated field determined by a formula that computes a
value dynamically for this field. If you select this option, the field is read-only for all users,
and its value is computed by a defined formula.
Field Type: Date, Numeric, Text, Values List

Attribute: Enable Inline Edit
Description: Allows users to edit the field while in search results and reports. When this option
is selected, User/Groups list and Record Permissions fields, which normally display as a link to
the profile page when populated, do not display as links. Also, the ability to re-order columns on
the Search Results page by dragging and dropping them with the mouse is not supported.
Some View/Edit specific functionality not supported with Inline Edit is as follows:

• Automatic spell-checks are not performed when saving records through Inline Edit.

• Data Driven Events are not supported when updating records through Inline Edit. If a field that
is used in an active Data Driven Event rule is modified through Inline Edit, the save attempt for
the record will not be successful.

• The Workflow buttons (Accept, Reject, etc.) are not available through Inline Edit.

• The Record Conflict functionality available when saving a record in View/Edit is not available
through Inline Edit. If a record conflict exists for a record updated through Inline Edit, the save
attempt for the record will not be successful.

• The Pending Calculations Warning message is not displayed on the Search Results page.

Field Type: Cross-Reference, Date, Numeric, Record Permissions, Text, User/Groups List, Values List

Attribute: Key Field
Description: Designates the field as the key field of a record. All applications must contain a key
field, and multi-level applications must contain a key field at each data level. The key field
setting is exclusive; only one field in each single-level application or in each level of a
multi-level application can serve as the key field.
The Key Field icon indicates that the field is the key field in an application, questionnaire or
sub-form. The key field is displayed in search results as a hyperlink within each record. Users can
click the hyperlink to view the details of a record.
By default, the Tracking ID field is set as the key field. You can instead select this setting for
a field of one of the other eligible field types.
Field Type: Date, Numeric, Text, Tracking ID

Attribute: Required Field
Description: Designates the field as required and forces users to enter a value when adding or
editing a record. Required fields are indicated with an icon to alert users that they must enter a
value.
Field Type: Attachment, Cross-Reference, Date, External Link, Image, IP Address, Matrix, MRDC,
Numeric, Record Permissions, Sub-Form, Text, User/Groups List, Values List

Attribute: Unique Field
Description: Prevents users from entering an identical value in a field in separate records. If a
user saves a value in this field and the same value has already been saved in the field in a
different record, the user is prompted to enter a unique value.
Field Type: Date, IP Address, Numeric, Text

Attribute: Validate Always
Description: Designates that a calculated field is recalculated whenever any value is changed in a
record. If the Validate Always option is not selected, this field is validated only when the value
in that field has changed.
Field Type: Attachment, Date, External Link, Image, IP Address, Matrix, Numeric, Record
Permissions, Sub-Form, Text, User/Groups List, Values List, Voting

Creating Fields by Field Types


See the following tasks:
• Adding Access History Fields
• Adding Attachment Fields
• Adding Cross-Application Status Tracking Fields
• Adding Calculated Fields
• Adding Date Fields
• Adding Discussion Fields
• Adding External Links Fields
• Adding First Published Date Fields
• Adding History Log Fields
• Adding Image Fields
• Adding IP Address Fields
• Adding Last Updated Date Fields
• Adding Matrix Fields
• Adding Multiple Reference Display Control Fields
• Adding Numeric Fields
• Adding Record Status Fields
• Adding Record Permissions Fields
• Adding Scheduler Fields
• Adding Sub-Form Fields
• Adding Text Fields
• Adding Tracking ID Fields
• Adding User/Groups List Fields
• Adding Values List Fields
• Adding Voting Fields

Adding Access History Fields


The Access History field type enables users to access a record-specific view history for the record.
By clicking the View Access History link in a record in view or edit mode, you can track:
• Record level: Who accessed the record and when.

• Application level: Who accessed which content records and when.

The access history field type and the Record Views – Detail reports help you understand how users
are interacting with content within Archer. By using the access history field in appropriate records,
you have visibility into individual user content activities to ensure that the sensitive information you
handle in your RSA Archer GRC environment is secure and managed properly. The Record Views –
Detail report supports internal audit requirements and provides easy access to reporting related to
end user access history.

Add an access history field


You can add an access history field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add an access
history field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:


• To add a new field, click Create a new Field from scratch and click Access History from the
System Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the access
history field you want to copy.

4. Click OK.

5. In the General Information section on the General tab, enter the name and description of the
field.

6. Click the Options tab and select the options for including the field in search results.

Option: Search Results
Action: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in
search filters.

Option: Search Default Field
Action: Includes the field by default in search results for the application. This option does not
prevent users from removing the field from the Search Results page. Users can click Modify in the
toolbar and remove the field from the Fields to Display section of the application Search Records
page.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Attachment Fields


The Attachment field type allows users to upload one or more files and attach them to a record. The
attachment field accepts any type of file as long as its size does not exceed the limitations set for the
field. An attachment field can be added to an application or questionnaire.

When configuring an attachment field, you can specify the total number of files that can be uploaded
(attached) to the field, as well as the file size (between 1 and 100 MB) permitted for each file. You
can also enable end users to keyword search into attached documents. The following file types are
supported for document searching:
• Microsoft Word
• Microsoft Excel
• PDF
• Text
• .CSV

File size limitations for attachment files


When determining the maximum file size of an attachment or image field, also consider the
restriction limits set in the web.config file and Microsoft Internet Information Services (IIS). If a file
exceeds either restriction, the following occurs during the upload:
• If an attachment file is larger than the designated file size in IIS, a 404 error appears. The host
server, not RSA Archer GRC, generates this message. The IIS setting outranks the RSA Archer
GRC setting.

• If the attachment file meets the restrictions in IIS but exceeds the maximum file size of the
attachment or image field, a message appears, stating that the file exceeds the limitations. If this
condition occurs, the user must upload a file that is smaller than the maximum file size. If the
attachment includes more than one file and the total size exceeds the maximum file size, the
user can upload the files individually, up to the maximum size limitation.
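
The following added example (not part of the RSA guide) checks how the server-side limits and the field's Maximum Size interact, so you can see which layer rejects a given upload. It assumes the web.config and IIS restrictions are the standard IIS `requestLimits maxAllowedContentLength` (bytes) and ASP.NET `httpRuntime maxRequestLength` (KB) settings; the sample web.config and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MB = 1024 * 1024
IIS_DEFAULT_BYTES = 30_000_000   # IIS default when maxAllowedContentLength is not set
ASPNET_DEFAULT_KB = 4096         # ASP.NET default when maxRequestLength is not set

# Constructed sample web.config, not taken from an RSA Archer installation.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <httpRuntime maxRequestLength="51200" />
  </system.web>
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="30000000" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""


def read_server_limits(web_config_xml):
    """Return (iis_bytes, aspnet_bytes) from a web.config document.

    Assumption: the limits are the standard IIS request-filtering and
    ASP.NET httpRuntime attributes. Missing elements fall back to defaults.
    """
    root = ET.fromstring(web_config_xml)
    limits = root.find("./system.webServer/security/requestFiltering/requestLimits")
    runtime = root.find("./system.web/httpRuntime")
    iis_bytes = IIS_DEFAULT_BYTES
    aspnet_kb = ASPNET_DEFAULT_KB
    if limits is not None:
        iis_bytes = int(limits.get("maxAllowedContentLength", IIS_DEFAULT_BYTES))
    if runtime is not None:
        aspnet_kb = int(runtime.get("maxRequestLength", ASPNET_DEFAULT_KB))
    return iis_bytes, aspnet_kb * 1024


def classify_upload(file_bytes, field_max_mb, iis_bytes, aspnet_bytes):
    """Predict which layer rejects an upload, checking the outermost layer first.

    The real HTTP request is slightly larger than the file because of
    multipart encoding, so treat results near a boundary as approximate.
    """
    if file_bytes > iis_bytes:
        return "iis-404"        # host server rejects; user sees the 404 error
    if file_bytes > aspnet_bytes:
        return "aspnet-reject"  # ASP.NET rejects (case not described in the guide)
    if file_bytes > field_max_mb * MB:
        return "field-limit"    # Archer reports that the file exceeds the limitation
    return "accepted"


def audit_field_limit(web_config_xml, field_max_mb):
    """Compare a field's Maximum Size (1 to 100 MB) with the server limits."""
    if not 1 <= field_max_mb <= 100:
        raise ValueError("Maximum Size must be between 1 and 100 MB")
    iis_bytes, aspnet_bytes = read_server_limits(web_config_xml)
    field_bytes = field_max_mb * MB
    findings = []
    if iis_bytes < field_bytes:
        findings.append(
            "IIS limit is below the field limit: large uploads fail with a "
            "404 from the host server instead of the Archer message"
        )
    if aspnet_bytes < field_bytes:
        findings.append(
            "ASP.NET maxRequestLength is below the field limit: the field's "
            "Maximum Size cannot be reached"
        )
    return {
        "effective_bytes": min(iis_bytes, aspnet_bytes, field_bytes),
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit_field_limit(SAMPLE_WEB_CONFIG, 100)
    print("Effective upload limit (bytes):", report["effective_bytes"])
    for finding in report["findings"]:
        print("-", finding)
```

Run the audit whenever a field's Maximum Size or the server configuration changes; an unexpected 404 on upload usually means the outer limit is the lower one.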

Add an attachment field

1. Go to the Fields tab of the application or questionnaire to which you want to add an attachment
field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Attachment from the
Basic Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the attachment
field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select the option for displaying the field: Grid or Single Column.

Display Control: Grid
Description: Displays multiple fields of data from the referenced record spanning the width of
the page in a table format (Grid) or in a single-column format. The attachment information
displays as a resizable grid control that displays the name, size and file type for each file. When
you select the Grid option, users with appropriate access can view the Download History report.
This report provides a summary of the download history of a document including the user, email
address, and download date. Users can upload files by clicking Add New.

Display Control: Single Column
Description: Displays a single column with links to the attachment files.

8. In the Options section, select the options for including the field in search results and setting its
behavior.

Option: Required Field
Action: Designates the field as required and forces users to enter a value when adding or editing
a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Option: Auditing Information
Action: Displays auditing information next to the field each time that its value is changed. The
auditing information includes only the name of the user who made the change and the date and
time of the change. If this checkbox is not selected, auditing information is not displayed with
the field in the user interface.

Option: Search Results
Action: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in
search filters.

Option: Search Default Field
Action: Includes the field by default in search results for the application. This option does not
prevent users from removing the field from the Search Results page. Users can click Modify in the
toolbar and remove the field from the Fields to Display section of the application Search Records
page.

Option: Keyword Searching
Action: Allows users to use this field in a keyword search to find documents attached to the
field. File types supported for document searching include Microsoft Word, Microsoft Excel, PDF,
Text, and .CSV. If a user does not have access to the field but the field is configured to allow
keyword searching, the field is still searched but not included in the search results.

Option: Advanced Field Display
Action: Adds descriptive text and alters the standard display of the field. After selecting this
checkbox, specify the display text and layout for the field in the Advanced Field Display Options
section.

Option: Validate Always
Action: Designates that a calculated field is recalculated whenever any value is changed in a
record. If the Validate Always option is not selected, this field is validated only when the value
in that field has changed.

9. In the Configuration section, specify the minimum and maximum number of attachments and size
limitations of the attachment files.

Option: Minimum Attachments
Description: Specifies the minimum number of attachments that you want to require for an
attachment field.

Option: Maximum Attachments
Description: Specifies the maximum and minimum number of attachments that you want to require
for the field.

Option: Maximum Size
Description: Specifies the maximum file size, up to 100 MB, that you want to allow for each file
uploaded to the attachment field. This setting does not restrict the total size of all files
uploaded to the field.
Users may experience a long wait time when attaching large files to a record. If you allow users
to attach multiple large files, periodically monitor the available space and current usage of the
file repository to ensure optimized system performance.

Option: Display Fields
Description: Designates the fields you want to display along with your attachment file.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Cross-Application Status Tracking Fields


The Cross-Application Status Tracking (CAST) field type allows users to track the completion status
of tasks stored in one application against records in another application. For example, you could
track the implementation of security controls against specific assets, indicating status changes, using
the list of field status values for the CAST field. When you create a cross-reference to another
application, that field is classified as a related-record.
The application that contains the task records (such as security controls or patches) is considered the
child application, and the application that contains the object records (such as assets or vendors) that
you want to track tasks against is the parent application. For example, if you include a CAST field in
an Incidents application, the application you relate might store response procedures.

Linking a CAST field


After you link a CAST field to a child application, a matching field is created in the child application
to note the linkage. When updating a record in the parent application, a user can select a value from
the CAST field to define the status of the relationship between the parent-application record and the
child-application record. For example, while updating an asset record in the parent application, a
user can select the implementation status of a related security control from the CAST field.

Important: If you change the associated application for a CAST field, but records with values for
the CAST field were already saved in the previously associated application, those values are no
longer displayed in the previously associated application because the CAST field is removed.
Therefore, RSA recommends that you do not change the associated application for a CAST field if
records in the current related application have already been saved.

Child-application records can be linked to parent-application records by selecting a field in each
application that is populated with an identical global values list or by creating a field-value rule with
one or more conditions that filters records in the child application, or both. The values list that you
select must contain status values that users can select to indicate the current completion status for a
task. For example, you could select a global values list with the values Accept Risk, Implemented,
Time Extension and Not Applicable. You can also select a cross-reference field referencing the
same application.

Important: If any records were saved using the current values list for the CAST field, changing the
status of the values list is not recommended. If you change the values list after records have already
been saved with values from a previous values list, the CAST values in those records are set to the
default value for the new values list. If no default value is configured for the new values list, the
CAST values in records saved with the previous values list are set to No Value. In either case, you
lose any status changes made to records saved with the previous values list.

Add a cross application status tracking field

1. Go to the Fields tab of the application to which you want to add a CAST field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.

3. In the Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Cross Application Status
Tracking (Scorecard) from the System Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the CAST field
you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. In the Associated Application field, click and select the application to relate through the
CAST field.

7. In the Status List field, click and select the values list to populate the CAST field.

8. Click the Options tab.

9. In the Options section, select whether the field is included in search results.

Option: Search Results
Action: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in
search filters.

Option: Search Default Field
Action: Includes the field by default in search results for the application. This option does not
prevent users from removing the field from the Search Results page. Users can click Modify in the
toolbar and remove the field from the Fields to Display section of the application Search Records
page.

Option: Quick Status Change
Action: Displays statuses in a list on the Status Tracking Results page to enable immediate
status changes.

10. In the Configuration section, specify how the records are associated.

Option: Relate Content By Field
Description: Relates two applications based on a field in both applications. There must be a
common value between the fields.
If you have a values list field in your parent application, for example, Asset Management, that
denotes the Asset Type, and you have the same field in your child application, for example,
Security Controls, you can link the two fields so controls are only linked to an asset if the asset
shares the same value in the Asset Type field.

Option: Relate Content By Rule
Description: Specifies the rule that determines which records to link from an outside
application. If you relate content by a rule, all content records in the child application that
satisfy that rule are linked to all records in the parent application. For example, you can create
a rule that links all records in the child application with the value "High" in the Priority field
to records in the parent application.

Option: Application Field and Related Field
Description: Specifies the application field and related field for two applications when content
is related by a rule.

Option: Rule
Description: Adds or removes search criteria in the table to specify a rule that determines
which records to link from the outside application when content is related by a field.

11. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Cross-Reference Fields


Use cross-reference fields to create associations between records in the same application (internal
references) or records in one or more different applications (external references).

Add a cross-reference field

1. Go to the Fields tab of the application to which you want to add a cross-reference field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

• To add a new field, click Create a new Field from scratch and click Cross Reference from
the Advanced Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the
cross-reference field you want to copy.

4. Click OK.

5. In the General Information section, complete the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select a display option.

Display Control options

Display Control: Grid
Description: Displays multiple fields of data from the referenced record spanning the width of
the page in a table format (Grid) or in a single-column format. The attachment information
displays as a resizable grid control that displays the name, size and file type for each file. When
you select the Grid option, users with appropriate access can view the Download History report.
This report provides a summary of the download history of a document including the user, email
address, and download date. Users can upload files by clicking Add New.

Display Control: Single Column
Description: Displays a single column with links to the attachment files.

8. In the Options section, select the applicable options:

Options

Option: Required Field
Action: Designates the field as required and forces users to enter a value when adding or editing
a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Option: Auditing Information
Action: Displays auditing information next to the field each time that its value is changed. The
auditing information includes only the name of the user who made the change and the date and
time of the change. If this checkbox is not selected, auditing information is not displayed with
the field in the user interface.

Option: Search Results
Action: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in
search filters.

Option: Search Default Field
Action: Includes the field by default in search results for the application. This option does not
prevent users from removing the field from the Search Results page. Users can click Modify in the
toolbar and remove the field from the Fields to Display section of the application Search Records
page.

Option: Enable Inline Edit
Action: Allows the field to be editable in search results and reports.

Option: Enable Editable Grid Display
Action: Determines whether a display is editable in a grid that has inline edit enabled.

Option: Lookup
Action: Specifies whether users can access a Record Lookup page for selecting records from the
related application. Clear this checkbox if you only want to allow users to create new records for
cross-referencing. You must select this checkbox if you want the cross-reference field to be
available for selection in a MRDC field or are creating a dynamic filter.

Option: Add New
Action: Determines whether the Add New link is displayed in a grid for allowing users to add new
records to the related applications from a record in view mode. Users will not have to open a
record in edit mode to create new related records. If a user does not have rights to create
records in the related application, the link is not displayed for that user.
When a user creates a new related record from view mode, that record will be selected in the
cross-reference field just as it would if it were created from edit mode. For example, if a user
opens a Vendor record in View mode and creates a record in the related Audits application by
clicking Add New in the cross-reference field, that new Audit record will be selected in the
cross-reference field of the Vendor record, even though the user did not open the Vendor record
for editing.

Option: Tree Display
Action: Determines whether the related records in a leveled application for cross-referenced
records are displayed in a hierarchical format for a single-column display. The following figure
shows top-level record references flush with the left margin of the field, and record references
in subsequent data levels indented.
When records with the cross-reference field are exported in CSV format, the Tree Display option
is disabled to allow the data to be re-imported into the application. All other data export
formats preserve the cross-reference tree display for the field.

Option: Disable Remove
Action: Disables the Remove button for records displayed in this field.

9. In the Record Lookup Configuration section, specify the rules for finding the related records of
the cross-reference field.

Record Lookup Configuration options

Options         Description

Display Fields  Specifies the fields of data from the relationship application that are displayed on
                the Record Lookup page for users when they select related records in the
                Cross-Reference field.
                Use to select the fields that you want to display from the Available list.
                Use the below the Selected list to arrange the fields. The top-to-bottom order of
                fields in the Selected list will be the left-to-right order of fields in the Record
                Lookup page.

                Note: If the relationship application is a leveled application, and you select fields
                from two or more levels to be displayed in the Cross-Reference field, you can only
                arrange those fields on a level-by-level basis. You cannot intermix fields from
                separate data levels.

Filters         Determines the filtering criteria for selecting records for display on the Record
                Lookup page.

Sorting         Specifies the fields by which cross-referenced records are sorted in the Record
                Lookup page.
                For example, in an "Investigators" Cross-Reference field, you can sort the display
                of referenced records alphabetically by investigator name.

Display Format  Determines how the cross-referenced records are displayed on the Record Lookup
                page:

                • Column-Hierarchical. Presents the records in a columnar layout where fields are
                  displayed across the page from left to right, and the field values are presented
                  showing relationships.

                • Column-Flat. Presents the records in a simple columnar layout without any
                  grouping of values.

10. In the Grid Display Properties section, select the fields displayed in the record look-up for the
cross-reference field.

Grid Display options

Options         Description

Display Fields  Specifies the fields of data from the relationship application that are displayed on
                the Record Lookup page for users when they select related records in the
                Cross-Reference field.
                Use to select the fields that you want to display from the Available list.
                Use the below the Selected list to arrange the fields. The top-to-bottom order of
                fields in the Selected list will be the left-to-right order of fields in the Record
                Lookup page.
                If the relationship application is a leveled application, and you select fields from
                two or more levels to be displayed in the Cross-Reference field, you can only
                arrange those fields on a level-by-level basis. You cannot intermix fields from
                separate data levels.

Filters         Determines the filtering criteria for selecting records for display on the Record
                Lookup page.

Sorting         Specifies the fields by which cross-referenced records are sorted in the Record
                Lookup page.
                For example, in an "Investigators" Cross-Reference field, you can sort the display
                of referenced records alphabetically by investigator name.

Display Format  Determines how the cross-referenced records are displayed on the Record Lookup
                page:

                • Column-Hierarchical. Presents the records in a columnar layout where fields are
                  displayed across the page from left to right, and the field values are presented
                  showing relationships.

                • Column-Flat. Presents the records in a simple columnar layout without any
                  grouping of values.

11. In the Configuration section, specify the range of selections a user can make.

Configuration options

Option                   Description

Field Height             For Single Column option: Specifies the height of the field in a single-column
                         display. This setting impacts the display of the field only when users add or edit
                         records in the application. For example, if you set the field height to three lines,
                         and a user makes four selections in the field, a scroll bar is displayed.

Minimum Selections       Specifies the minimum number of selections (from none to 20 selections) that a
                         user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display
                         control.

Maximum Selections       Specifies the maximum number of selections (from none to 20 selections) that a
                         user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display
                         control.

Default Records Display  Determines the number of cross-referenced records that display in the grid and is
                         only available when the display control is set to Grid. If this option is selected,
                         only the first designated number of records are displayed. For example, when this
                         option is set to 10, only the first 10 records display in the grid. If the number of
                         records exceeds the default display number, a View All link is displayed. A user
                         can click this link to view all of the associated records.

12. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Date Fields


The Date field type accepts only a valid date entry and is displayed to users as a field with a
calendar icon displayed beside it. Users can either enter dates directly in the field or click the
calendar to select a date from the dialog box.
When configuring the properties of a date field, you can enable users to enter a time of day to
associate with the date, as shown below.

You can also restrict users from entering values in a date field that are already contained in other
records within the application, making each date field value unique.

Specialized options

• Default Date Value. If this option is enabled, you can select a default value for date fields. The
  default date value is set when a record is created in the application; the value is not affected by
  record edits. When configuring the default value, you can select to display the date of record
  creation, a date that is a specific number of days after the date of record creation, or a static,
  specific date. You can also select to display no default value in the date field.

• Calculated Field. If this option is enabled, you can specify a formula for dynamically computing
  the value of the field. For example, you could create the following formula to populate the Date
  field with the current date: TODAY(). The calculated field would display as read-only for all
  application users, and its value would be updated each time the field was recalculated.

Add a date field

1. Go to the Fields tab of the application to which you want to add a date field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Date from the Basic
  Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the date field you
  want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select the option for displaying the date and time.

Display Control            Description

Text Box - Date Only       Displays a date in a text box or dropdown list by date or by date
Text Box - Date and Time   and time.
Dropdown - Date Only
Dropdown - Date and Time

8. In the Options section, select the options for including the field in search results and setting its
behavior.

Option                  Action

Required Field          Designates the field as required and forces users to enter a value when adding or
                        editing a record in the application. Required fields are indicated with an icon
                        (selected in the Appearance feature) to alert users that they must enter a value.
                        If this checkbox is not selected, users can skip this field when adding or editing a
                        record in the application.

Auditing Information    Displays auditing information next to the field each time that its value is
                        changed. The auditing information includes only the name of the user who made
                        the change and the date and time of the change. If this checkbox is not selected,
                        auditing information is not displayed with the field in the user interface.

Search Results          Makes this field available for display in search results. If this checkbox is not
                        selected, this field is not included in search results and its values cannot be
                        referenced in search filters.

Search Default Field    Includes the field by default in search results for the application. This option does
                        not prevent users from removing the field from the Search Results page. Users
                        can click Modify in the toolbar and remove the field from the Fields to Display
                        section of the application Search Records page.

Enable Inline Edit      Allows the field to be editable in search results and reports.

Unique Field            Prevents users from entering an identical value in a field in separate records. If a
                        user saves a value in this field and the same value has already been saved in the
                        field in a different record, the user is prompted to enter a unique value.

Key Field               Designates the field as the key field of a record. You must designate one field in
                        the application as the key field, but can only designate one field as the key field.
                        You can select the key field values in search results, and users can click the
                        values to open individual records. A key field must be on the page layout of the
                        application.
                        After saving the field, you can only clear this checkbox by selecting another field
                        as the key field in the application. When you select this option, the Required
                        Field, Search Results, and Search Default Field checkboxes are automatically
                        selected.

Calculated Field        Designates the field as a calculated field determined by a formula that computes
                        a value dynamically for this field. If you select this option, the field is read-only
                        for all users, and its value is computed by the defined formula.

Advanced Field Display  Adds descriptive text and alters the standard display of the field. After selecting
                        this checkbox, specify the display text and layout for the field in the Advanced
                        Field Display Options section.

Validate Always         Designates that a calculated field is recalculated whenever any value is changed
                        in a record. If the Validate Always option is not selected, this field is validated
                        only when the value in that field has changed.

9. In the Configuration section, select the option for setting the default value of the field.

Option         Description

Default Value  Specifies the default date value of the date field when a user adds a new record in
               the application. The default date is set when the record is created. This date is not
               affected by record edits. The following options are available:

               • None. Select None if you do not want to place a default value in the date field.

               • Current Date. Select Current Date to display the date of record creation in the
                 date field.

               • Future Date. Select Future Date to display a default date value that is a specific
                 number of days after the date of record creation. Then enter the specific number
                 of days in the field to the right.

               • Specific Date. Select Specific Date to display a static date as the default value
                 for the date field, and enter the date in the field to the right or click the Calendar
                 icon to select the date from a calendar dialog box.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Discussion Fields


The Discussion field allows users to participate in discussion forums related to specific records.
When configuring this field type, you can select to create an individual forum for each record
created in an application or to link all records within an application to one or more existing
discussion forums created manually through the Discussion Forums feature. Forums built through the
Discussion field type have all of the characteristics and properties of a regular discussion forum.

Discussion field formats

Type               Description

Forum Popup        Selecting this option causes the field to generate a new discussion forum for each record
                   created within the application. The discussion forum displays in a pop-up window. You
                   can capture comments and dialogue from a variety of users centered on the content of a
                   specific record. For example, if you have a record concerning password requirements,
                   users could access the forum to discuss changes or additions to the requirements. A link to
                   the record-specific forum is displayed in both the view and edit modes of a record. This
                   option also allows you to specify administrators for the forum and configure edit options
                   for users.

Static Forum Link  Selecting this option allows you to embed links to existing discussion forums within each
                   record in an application. Users cannot add or edit links in the field. By including links to
                   established discussion forums, you can direct users to forums where they can participate
                   in a large-scale discussion relating to the entire application. Links for the selected
                   discussion forums display in both view and edit modes of every record in the application.

Add a discussion field


You can add a discussion field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a Discussion
field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Discussion from the
  Advanced Field Types list.

• To add a field from an existing field, click Copy an existing Field and select the discussion
  field you want to copy.

4. Click OK.

5. In the General Information section, complete the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select a display option.

Display Control    Description

Forum Popup        Forum Popup: Displays a pop-up list that contains a discussion forum for each
                   record created in the application. In this view, users can only access the forum
                   when viewing or editing a record. The record is not displayed in a discussion forum.

Status Forum Link  Status Forum Link: Displays one or more read-only links to existing discussion
                   forums in every record of the application.

8. In the Configuration section, specify the rules for posting and editing discussions in a discussion
forum.

Configuration options for applications

Option             Description

Forum Popup        Designates the administrators for the forum and specifies the edit options that end
                   users have in the forum.

                   • Edit Own Posts. Allows users to edit their own posts in the forum.

                   • Edit All Posts. Allows users to edit all posts in the forum.

                   • Forum Administrators. From the Available list, select the users and groups to
                     which you want to grant forum administrator rights. As an application owner, you
                     are listed by default as a forum administrator. To revoke forum administrator
                     rights for a user or group, click to the right of the user or group name in the
                     Selected list.

Static Forum Link  Specifies the forums to which you want to provide links.
                   Discussion Forums. From the Available list, select the discussion forums that you
                   want to include a link to within every record of the application.
                   To remove a link to a discussion forum, click to the right of the discussion forum
                   name in the Selected list.

Configuration options for questionnaires

Option          Description

Edit Own Posts  Allows users to edit only their own discussion forum posts.

Edit All Posts  Allows users to edit all discussion forum posts.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding External Links Fields


The External Links field type allows users to enter named links that reference web pages, email
addresses, and so on. To enter an external link, specify the link protocol and the target URL. You
can also specify link text (a name) for the link, for example, "Google".
Supported link types:

• HTTP
• HTTPS
• FTP
• Mailto
• News
• Relative
• File

What happens when a user enters an external link


Each time that you enter a link in an external links field and click Apply, the new link is displayed in
a list below the field. You can edit the properties of a list item by clicking to the right of the
link. The properties of that link are displayed in the Link Manager and can be edited.
You can delete a link in the list by clicking to the right of the link.

Add an external link field


You can add an external link field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add an External
Links field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

• To add a new field, click Create a new Field from scratch and click External Links from the
  Basic Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the external links
  field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Options section, select the options for including the field in search results and setting its
behavior.

Option                  Action

Required Field          Designates the field as required and forces users to enter a value when adding or
                        editing a record in the application. Required fields are indicated with an icon
                        (selected in the Appearance feature) to alert users that they must enter a value.
                        If this checkbox is not selected, users can skip this field when adding or editing a
                        record in the application.

Auditing Information    Displays auditing information next to the field each time that its value is
                        changed. The auditing information includes only the name of the user who made
                        the change and the date and time of the change. If this checkbox is not selected,
                        auditing information is not displayed with the field in the user interface.

Search Results          Makes this field available for display in search results. If this checkbox is not
                        selected, this field is not included in search results and its values cannot be
                        referenced in search filters.

Search Default Field    Includes the field by default in search results for the application. This option does
                        not prevent users from removing the field from the Search Results page. Users
                        can click Modify in the toolbar and remove the field from the Fields to Display
                        section of the application Search Records page.

Advanced Field Display  Adds descriptive text and alters the standard display of the field. After selecting
                        this checkbox, specify the display text and layout for the field in the Advanced
                        Field Display Options section.

Validate Always         Designates that a calculated field is recalculated whenever any value is changed
                        in a record. If the Validate Always option is not selected, this field is validated
                        only when the value in that field has changed.

8. In the Configuration section, specify the minimum and maximum number of external links that a
user can add.

Option         Description

Minimum Links  Sets the minimum number of links the user can select in the external links field.

Maximum Links  Sets the maximum number of links the user can select in the external links field.

Protocols      Specifies the protocol types that a user can configure in the Protocols field.

               • HTTP
               • HTTPS
               • FTP
               • Mailto
               • News
               • Relative
               • File

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding First Published Date Fields


The First Published Date field type is automatically populated based on the date a record is created.
When configuring the properties of a first published date field, you can select whether to display the
contents of the field within individual records and/or in the record header. You can also select to
display time and user information along with the date value.

Add a first published date field


You can add a first published date field to an application or questionnaire.

1. Go to the Fields tab of the application to which you want to add a first published date field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:


• To add a new field, click Create a new Field from scratch and click First Published Date from
  the System Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the first
  published date field you want to copy.

4. In the General Information section, complete the name and description of the field.

5. Click the Options tab and select the options for including the field in search results and for
displaying information about the field.

Option                Action

Search Results        Makes this field available for display in search results. If this checkbox is not
                      selected, this field is not included in search results and its values cannot be
                      referenced in search filters.

Search Default Field  Includes the field by default in search results for the application. This option does
                      not prevent users from removing the field from the Search Results page. Users
                      can click Modify in the toolbar and remove the field from the Fields to Display
                      section of the application Search Records page.

Time Information      Displays time information (hours, minutes and the AM or PM designation) along
                      with the date value.

User Information      Displays the name of the user who published the record along with the date
                      value.

Header Display        Displays date first published or last published in the page header of records by
                      default. To remove it from display, clear the Page Header Display checkbox.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding History Log Fields


The History Log field type enables you to track field-level changes for individual records in an
application. You can select to embed the history log in a record in grid (table) format or include a
link to a record history log for viewing the history log in a separate window.
When configuring the properties of a history log field, you can select the fields that are tracked by
the history log. Not all field types can be included in the history log. All other fields in an application
can be included in this history log.
In addition to selecting the fields to include in the history log, you can select to limit the number of
modifications that are displayed on the History Log page. If a large number of users have rights to
edit records in an application, it is possible that the history log for a record in that application could
include thousands of changes. If this is the case, you may want to limit the number of modifications
displayed in the history log to improve its load time.

Field types that cannot be included in the history log

• Cross-Application Status Tracking
• Discussion
• First Published Date
• Last Updated Date
• Multiple Reference Display Control
• Record Status
• Scheduler
• Sub-Form
• Tracking ID
• Voting
• Record Permissions configured with the Inherited Permissions option
• "Other Text" values associated with a Values List field

Additional information about the History Log field type

• Field permissions are enforced, allowing users to track only the history of fields for which they
  have access.

• Prior to adding a history log field to an application, the history of field-level changes in that
  application is not tracked.

• Deleting a history log field deletes the history associated with the field. This data cannot be
  restored.

• Published changes and content review changes are tracked in the history log.

• Copying a record does not copy the history of that record.

• When a History Log field is part of a workflow process, the history of that field is retained
  indefinitely. The workflow history ignores the retention policy of a history log field.

Add a history log field


You can add a history log field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a History Log field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click History Log from the
  System Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the history log
  field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab and select the option for displaying the field content.

Display Control  Description

Grid             Displays historical information in a fixed-width table or presents a hyperlink for
Link             displaying historical information in a separate window.

7. In the Options section, select the options for including the field in search results and rules for
displaying the field.

Option                Action

Search Results        Makes this field available for display in search results. If this checkbox is not
                      selected, this field is not included in search results and its values cannot be
                      referenced in search filters.

Search Default Field  Includes the field by default in search results for the application. This option does
                      not prevent users from removing the field from the Search Results page. Users can
                      click Modify in the toolbar and remove the field from the Fields to Display section
                      of the application Search Records page.

Keyword Searching     Allows users to use this field in a keyword search to find documents attached to
                      the field. File types supported for document searching include Microsoft Word,
                      Microsoft Excel, PDF, Text, and .CSV. If a user does not have access to the field
                      but the field is configured to allow keyword searching, the field is still searched
                      but not included in the search results.

User History          Determines whether to include only the activity entered by a user when a field is
                      added or updated. History is displayed for general, administrator, and data feed
                      users. Calculated fields are excluded from the history log.

8. In the Configuration section, select the options for setting the number of days or entries for
retaining the historical data and whether to track all fields or only specific fields.

Option            Description

Retention Policy  Specifies whether the history log field is retained for a specified number of days or
                  entries.

                  • By Days. Enter the number of days of the entries for the fields being tracked
                    and retained.

                  • By Entries. Enter the number of entries for the fields being tracked and retained.

                  A history log field is also created when a work flow is created. By default, this
                  field is configured to retain all history for all fields indefinitely.

                  As records move through content review stages, a detailed history of all content
                  modifications is electronically maintained by person, date and time. If this history
                  log is configured to purge its contents, the work flow information could be lost
                  along with other historical information. An application can include other history log
                  fields.
                  If an application has multiple history log fields, the history log with the longest
                  retention period takes precedence over the other. For example:

                  Scenario 1   History log fields 1 and 2 are both configured by days.
                               1 has a retention period of 7 days.
                               2 has a retention period of 14 days.

                  Results      Records are retained 14 days.

                  Scenario 2   History log fields 1 and 2 are both configured by entries.
                               1 has a retention period of 10 entries.
                               2 has a retention period of 20 entries.

                  Results      The 20 most recent entries are retained.

                  Scenario 3   History log field 1 is configured by days and History log field 2 is
                               configured by entries.
                               1 has a retention period of 7 days.
                               2 has a retention period of 20 entries.

                  Results      The 20 most recent records are retained regardless of their age, and
                               all entries younger than 7 days are retained regardless of the count.

Field Tracking    Determines which fields are tracked for history logging:

                  • All. Select this option if you want the history log to track all fields in the
                    application. In addition to all current fields, fields added in the future will also
                    be automatically added to the tracked fields list if you select this option.

                  • Selected. Select this option to specify one or more fields to track. To include a
                    field, click the field from the Available list. You must select at least one field
                    for the history log to track.
                    After selecting the field, specify which format edits to the field are displayed in
                    detail, record version, or both.
                    To move the fields in the order you want the fields displayed, use at the
                    bottom of the Selected list.
                    To remove a field from the Selected list, click to the right of the field name.
                    Each time a value is added or modified in any of the fields in the Selected list, a
                    new entry is added to the history log for that field that describes the
                    modification.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
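
The three Retention Policy scenarios above, generalized as an added Python example (not RSA Archer code or an Archer API): an entry survives purging if any history log field's policy keeps it. The names RetentionPolicy and retained, the "indefinite" mode for the workflow-created field, the strict "younger than" boundary, and the sample timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Sequence


@dataclass(frozen=True)
class RetentionPolicy:
    """Retention setting of one history log field (hypothetical model)."""
    mode: str                    # "days", "entries" or "indefinite"
    limit: Optional[int] = None  # number of days or entries; unused for "indefinite"

    def __post_init__(self) -> None:
        if self.mode not in ("days", "entries", "indefinite"):
            raise ValueError(f"unknown retention mode: {self.mode!r}")
        if self.mode != "indefinite" and (self.limit is None or self.limit < 1):
            raise ValueError("days/entries policies need a positive limit")


def retained(entries: Sequence[datetime],
             policies: Sequence[RetentionPolicy],
             now: datetime) -> List[datetime]:
    """Return the entry timestamps that survive purging, newest first.

    An entry is kept when ANY policy keeps it, which reproduces the guide's
    three scenarios: the longer "days" window wins, the larger "entries"
    count wins, and a days policy combined with an entries policy keeps the
    union of both sets.
    """
    if not policies:
        # No history log field: field-level changes are not tracked at all.
        return []
    ordered = sorted(entries, reverse=True)  # newest first
    keep = set()                             # indexes into `ordered`
    for policy in policies:
        if policy.mode == "indefinite":
            # Assumption: models the field created with a workflow, which by
            # default retains all history indefinitely.
            return ordered
        if policy.mode == "days":
            # Assumption: "younger than N days" is a strict comparison.
            cutoff = now - timedelta(days=policy.limit)
            keep.update(i for i, ts in enumerate(ordered) if ts > cutoff)
        else:
            keep.update(range(min(policy.limit, len(ordered))))
    return [ordered[i] for i in sorted(keep)]


# Constructed sample data: one edit per day for 30 days, and a burst of
# 40 edits, one per hour, all within the last two days.
NOW = datetime(2024, 1, 31, 12, 0)
DAILY = [NOW - timedelta(days=k, hours=6) for k in range(30)]
BURST = [NOW - timedelta(hours=h) for h in range(1, 41)]


def scenario_counts() -> Dict[str, int]:
    """Number of entries kept in each of the guide's scenarios."""
    days7, days14 = RetentionPolicy("days", 7), RetentionPolicy("days", 14)
    top10, top20 = RetentionPolicy("entries", 10), RetentionPolicy("entries", 20)
    return {
        "scenario 1, daily edits": len(retained(DAILY, [days7, days14], NOW)),
        "scenario 2, daily edits": len(retained(DAILY, [top10, top20], NOW)),
        "scenario 3, daily edits": len(retained(DAILY, [days7, top20], NOW)),
        "scenario 3, hourly burst": len(retained(BURST, [days7, top20], NOW)),
    }


if __name__ == "__main__":
    for label, count in scenario_counts().items():
        print(f"{label}: {count} entries retained")
```

In Scenario 3 the daily data keeps 20 entries, some older than 7 days, while the hourly burst keeps all 40 because every entry is younger than 7 days; check a planned purge setting against both halves of that rule before relying on the log as an audit trail.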

Adding Image Fields


The Image field type allows users to upload and display one or more image files. You can set the
display height and width for each image field. The system supports a maximum value of 2000 x 2000
pixels. When an image does not match the defined height or width, it resizes using a locked aspect
ratio until both dimensions meet the display criteria.

File size limitations for image files


When determining the maximum file size of an attachment or image field, also consider the
restriction limits set in the web.config file and Microsoft Internet Information Services (IIS). If a file
exceeds either restriction, the following occurs during the upload:

• If an attachment file is larger than the designated file size in IIS, a 404 error appears. The host
  server, not RSA Archer GRC, generates this message. The IIS setting outranks the RSA Archer
  GRC setting.

• If the attachment file meets the restrictions in IIS but exceeds the maximum file size of the
  attachment or image field, a message appears, stating that the file exceeds the limitations. If this
  condition occurs, the user must upload a file that is smaller than the maximum file size. If the
  attachment file includes more than one file and the total size exceeds the maximum file size, the
  user can upload the files individually, up to the maximum size limitation.

Add an image field


You can add an image field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add an image field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Image from the Basic
Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the image field
you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab and select the options for including the field in search results and setting its
behavior.

Option: Action

Required Field: Designates the field as required and forces users to enter a value when adding or
editing a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is
changed. The auditing information includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected, auditing information is not displayed
with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in search
filters.

Search Default Field: Includes the field by default in search results for the application. This option
does not prevent users from removing the field from the Search Results page. Users can click Modify
in the toolbar and remove the field from the Fields to Display section of the application Search
Records page.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed in
a record. If the Validate Always option is not selected, this field is validated only when the value in
that field has changed.

7. In the Configuration section, specify the minimum and maximum attachments and image size.

Option: Description

Minimum Attachments: Specifies the minimum number of attachments that you want to require for an
attachment field.

Maximum Attachments: Specifies the maximum and minimum number of attachments that you want to
require for the field.

Display Width and Display Height: Specifies the width and height in pixels for images displayed in
this field.

Maximum Size: Specifies the maximum size, up to 100 MB, that you want to allow for each file
uploaded to the Image field. This setting does not restrict the total size of all files uploaded to the
field.

8. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding IP Address Fields


The IP Address field type enables users to store an IP address in either the IPv4 or IPv6 format. The
format is specified when you create the field and it cannot be changed later. The IPv4 format is
broken into four adjoining sub-fields, which must contain a numeric value between 0 and 255. The
IPv6 format is broken into eight adjoining sub-fields and is displayed to the user using either the full
syntax or the shorthand syntax.
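As an added illustration (not code from the RSA guide or product), the sketch below validates the adjoining sub-fields described above and shows that the full and shorthand IPv6 syntaxes are two renderings of one stored value. The function names and sample addresses are constructed for this example, and it assumes IPv6 sub-fields hold one to four hexadecimal digits.

```python
import ipaddress
import string

HEX_DIGITS = set(string.hexdigits)


def from_subfields(version, subfields):
    """Validate the adjoining sub-fields and return the address object to store."""
    if version == 4:
        if len(subfields) != 4:
            raise ValueError("IPv4 needs four sub-fields")
        for part in subfields:
            # Each sub-field must be a plain decimal number between 0 and 255.
            if not (part.isascii() and part.isdigit() and int(part) <= 255):
                raise ValueError(f"IPv4 sub-field not in 0-255: {part!r}")
        # Strip leading zeros so "010" is read as decimal 10, never as octal.
        return ipaddress.IPv4Address(".".join(str(int(p)) for p in subfields))
    if version == 6:
        if len(subfields) != 8:
            raise ValueError("IPv6 needs eight sub-fields")
        for part in subfields:
            if not (1 <= len(part) <= 4 and set(part) <= HEX_DIGITS):
                raise ValueError(f"IPv6 sub-field is not 1-4 hex digits: {part!r}")
        return ipaddress.IPv6Address(":".join(subfields))
    raise ValueError("version must be 4 or 6")


def display(address, control="Full"):
    """Render a stored address using the Full or Short-Hand display syntax."""
    if control == "Full":
        return address.exploded      # every group written out with leading zeros
    if control == "Short-Hand":
        return address.compressed    # longest run of zero groups collapsed to ::
    raise ValueError("control must be 'Full' or 'Short-Hand'")


if __name__ == "__main__":
    # Constructed sample input using the IPv6 documentation prefix.
    stored = from_subfields(6, ["2001", "db8", "0", "0", "0", "0", "0", "1"])
    print(display(stored, "Full"))
    print(display(stored, "Short-Hand"))
    # The same address typed with leading zeros compares equal once parsed,
    # which is why comparisons should use the parsed value, not the text.
    retyped = from_subfields(6, ["2001", "0DB8", "0000", "0000",
                                 "0000", "0000", "0000", "0001"])
    print(stored == retyped)
```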

Add an IP address field


You can add an IP address field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add an IP Address
field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

• To add a new field, click Create a new Field from scratch and click IP Address from the
Basic Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the IP address
field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select the version for the IP address.

Display Control: Description

IP Address Version 4, IP Address Version 6: Displays the IP Address in either version 4 or version 6.
You cannot change the format after you save.

8. In the Options section, select the options for including the field in search results and setting its
behavior.

Option: Action

Required Field: Designates the field as required and forces users to enter a value when adding or
editing a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is
changed. The auditing information includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected, auditing information is not displayed
with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in search
filters.

Search Default Field: Includes the field by default in search results for the application. This option
does not prevent users from removing the field from the Search Results page. Users can click Modify
in the toolbar and remove the field from the Fields to Display section of the application Search
Records page.

Unique Field: Prevents users from entering an identical value in a field in separate records. If a user
saves a value in this field and the same value has already been saved in the field in a different
record, the user is prompted to enter a unique value.

Key Field: Designates the field as the key field of a record. You must designate one field in the
application as the key field, but can only designate one field as the key field. You can select the key
field values in search results, and users can click the values to open individual records. A key field
must be on the page layout of the application. After saving the field, you can only clear this
checkbox by selecting another field as the key field in the application. When you select this option,
the Required Field, Search Results, and Search Default Field checkboxes are automatically selected.

Advanced Field Display: Adds descriptive text and alters the standard display of the field. After
selecting this checkbox, specify the display text and layout for the field in the Advanced Field
Display Options section.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed in
a record. If the Validate Always option is not selected, this field is validated only when the value in
that field has changed.

9. Do one of the following based on the display control you selected in step 8:

• If you selected IP Address Version 4, go to the next step.

• If you selected IP Address Version 6, specify the values for the IP address version 6 format in
the Configuration section.

Option: Description

Control: Specifies the display syntax. This option only affects how the address is displayed to the
user when viewing a record. It does not impact how the address is displayed when adding or editing
a record, nor does it change how the address is stored in the database:

• Full. Displays the full syntax of the address to the user when viewing records with this field.

• Short-Hand. Displays the shorthand syntax of the address to the user when viewing records with
this field.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Last Updated Date Fields


The Last Updated Date field type is automatically populated each time changes are saved to a
record. When configuring the properties of a last updated date field, you can select whether to
display the contents of the field in individual records or in the record header. You can also select to
display time and user information along with the date value.

Note: If you add a new related record in a cross-reference field, the Last Updated Date field does
not update when the related record field is on the layout.

Add a last updated date field


You can add a last updated date field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a last updated
date field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Last Updated Field from
the System Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the last updated
date field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab and select the options for including the field in search results and for
displaying information about the field.

Option: Action

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in search
filters.

Search Default Field: Includes the field by default in search results for the application. This option
does not prevent users from removing the field from the Search Results page. Users can click Modify
in the toolbar and remove the field from the Fields to Display section of the application Search
Records page.

Time Information: Displays time information (hours, minutes and the AM or PM designation) along
with the date value.

User Information: Displays the name of the user who published the record along with the date value.

Header Display: Displays date first published or last published in the page header of records by
default. To remove it from display, clear the Page Header Display checkbox.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Matrix Fields


The Matrix field type provides the ability to display a two-dimensional array of checkboxes,
allowing users to plot or rank responses relative to two factors. For example, you might create a
matrix to assist in analyzing a broad set of characteristics across your physical assets. The columns
of the matrix might represent characteristics, such as maintenance burden, portability and power
consumption, while the rows might represent ranking levels, such as high, medium, and low.

Add a matrix field


You can add a matrix field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a matrix field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Methods section, do one of the following:

• To add a new field, click Create a new Field from scratch and click Matrix from the
Advanced Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the matrix field
you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Options section, select the behaviors of the field.

Option: Action

Required Field: Designates the field as required and forces users to enter a value when adding or
editing a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is
changed. The auditing information includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected, auditing information is not displayed
with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in search
filters.

Search Default Field: Includes the field by default in search results for the application. This option
does not prevent users from removing the field from the Search Results page. Users can click Modify
in the toolbar and remove the field from the Fields to Display section of the application Search
Records page.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed in
a record. If the Validate Always option is not selected, this field is validated only when the value in
that field has changed.

8. In the Configuration section, specify the rules for selections and lists.

Option: Description

Minimum Selections: Specifies the minimum number of selections (from none to 20 selections) that a
user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control.

Maximum Selections: Specifies the maximum number of selections (from none to 20 selections) that a
user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control.

Minimum Selection Axis: Specifies whether the axis is based on a row or column and the minimum
number of selections that a user can select.

Maximum Selection Axis: Specifies whether the axis is based on a row or column and the maximum
number of selections that a user can select.

Column Values List: Specifies the global values list that populates this column in the matrix. When
adding a field to a record, users can select an alternate global values list.

Row Values List: Specifies the global values list that populates this row in the matrix. When adding
a field to a record, users can select an alternate global values list.

If any records are saved in the application with column or row values from the specified global
values lists, do not select a different global values list on the Column Values or Row Values tabs. If
you select a different global values list after users have saved records with value selections from the
original global values list, the values from this global values list are permanently lost and the matrix
field shows no selections.

9. Click the Column Values tab and enter the values for the columns in the Values section.

10. Click the Row Values tab and enter the values for the row in the Values section.

11. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Multiple Reference Display Control Fields


Use the MRDC field type to display data from cross-reference and related-record fields using a single
control rather than displaying multiple cross-reference or related-record fields in the layout of a
record.

Add a multiple reference display control field


You can add an MRDC field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add an MRDC field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Multiple Reference
Display Control from the Advanced Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the MRDC field
you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Options section, select whether the field is included in search results and other behaviors.

Option: Action

Required Field: Designates the field as required and forces users to enter a value when adding or
editing a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is
changed. The auditing information includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected, auditing information is not displayed
with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in search
filters.

Search Default Field: Includes the field by default in search results for the application. This option
does not prevent users from removing the field from the Search Results page. Users can click Modify
in the toolbar and remove the field from the Fields to Display section of the application Search
Records page.

8. In the Configuration section, specify the selection rules for the MRDC field.

Option: Description

Selected References: Specifies the references that you want to display in the MRDC field. As an
administrator, you can still view the suppressed fields on the Layout tab of the Manage Applications
page, but the individual fields are hidden from end users. If you do not select the Suppress checkbox
for a field and that field is included on the page layout for the application, both the original field
and the MRDC field display to end users, causing duplication of data on the page.

Reference Type: Specifies whether users can select one or more references.

• Allow users to select only one reference: Select this option if you want users to select related
records from only one application in the MRDC field. Users can select the application that houses
the records they want to reference, and they can select multiple records from that application.
However, they cannot select related records from more than one application.

• Allow users to select any number of references: Select this option if you want users to be able to
select related records from more than one application within the MRDC field. Users can select the
applications that house the records they want to reference (by clicking the Add New link above the
field to select additional applications), and they can select multiple records within those
applications.

Note: If you select the MRDC option and save the field, you cannot change the setting to Single
Reference.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Numeric Fields


The Numeric field type allows only numeric-value entries. Numeric fields can accept both positive
and negative values of any size. A numeric field can also be a calculated or trended field.
When configuring a numeric field, you can apply minimum or maximum value constraints to the
field. You can also specify the number of decimal places permitted for the value.

Add a numeric field

1. Go to the Fields tab of the application to which you want to add a Numeric field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

• To add a new field, click Create a new Field from scratch and click Numeric from the Basic
Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the numeric field
you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab and select the options for including the field in search results and other
behaviors.

Option: Action

Required Field: Designates the field as required and forces users to enter a value when adding or
editing a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is
changed. The auditing information includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected, auditing information is not displayed
with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in search
filters.

Search Default Field: Includes the field by default in search results for the application. This option
does not prevent users from removing the field from the Search Results page. Users can click Modify
in the toolbar and remove the field from the Fields to Display section of the application Search
Records page.

Enable Inline Edit: Allows the field to be editable in search results and reports.

Trending: Enables trending on the field based on a duration period.

Duration Type: Designates the duration for which you want to retain trending data. The available
values are calculated in days as follows:

• Days: 1 day

• Months: 30 days

• Quarters: 90 days

• Years: 365 days

By default, the value of this field is No Selection, but you must select a Duration Type when the
Trending option is selected. If you click Apply without changing the value, a warning message is
displayed. Click OK to return to the Options tab.

Duration Amount: Specifies the number of days, months, quarters, or years for which trending data is
retained.

Unique Field: Prevents users from entering an identical value in a field in separate records. If a user
saves a value in this field and the same value has already been saved in the field in a different
record, the user is prompted to enter a unique value.

Key Field: Designates the field as the key field of a record. You must designate one field in the
application as the key field, but can only designate one field as the key field. You can select the key
field values in search results, and users can click the values to open individual records. A key field
must be on the page layout of the application. After saving the field, you can only clear this
checkbox by selecting another field as the key field in the application. When you select this option,
the Required Field, Search Results, and Search Default Field checkboxes are automatically selected.

Sum Field: Provides a total of all values entered in the field on the Search Results page for an
application or leveled application. The sum is only shown on Column-Hierarchical and Column-Flat
report format types. When this option is selected, the total value appears in the last row of the
Numeric Field column. The summation value represents a grand total and is displayed on each page.

Numeric Ranging: Allows users to filter search results in the application based on specific ranges of
values in the numeric field. When you select this option, you must define the numeric range and its
values after the numeric field is configured.

Format: Formats the value using thousand separators.

Calculated Field: Designates the field as a calculated field determined by a formula that computes a
value dynamically for this field. If you select this option, the field is read-only for all users, and its
value is computed by the defined formula.

Advanced Field Display: Adds descriptive text and alters the standard display of the field. After
selecting this checkbox, specify the display text and layout for the field in the Advanced Field
Display Options section.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed in
a record. If the Validate Always option is not selected, this field is validated only when the value in
that field has changed.

7. In the Configuration section, specify the format for the numeric field.

Option: Description

Decimal Places: Specifies the number of decimal places that you want to require for values entered in
the field. The largest value available for this field is 6. If a user enters a value in the numeric field
with fewer decimal places than the number you have required, the value is padded with zeros. For
example, if you require 3 decimal places and a user enters a value of "4.1" in the field, the value is
displayed as "4.100" when the record is saved. If a user enters a value in the field with more decimal
places than the number you have required, the user is not permitted to save the record and is
prompted to limit the number of decimal places in the value to fit the field requirements.

Negative Display: Specifies how negative numbers are displayed. Options include:

• (1234.56) font color = red; default option

• -1234.56 font color = red

• (1234.56) font color = black

• -1234.56 font color = black

Minimum Values: Specifies the minimum values users must enter in the numeric field within a defined
range, for example, 1-100.

Maximum Values: Specifies the maximum values users must enter in the numeric field within a
defined range, for example, 1-100.

Prefix: Specifies the text (up to 10 characters) that appears in front of the numeric value. For
example, if you enter "ABC" in this field, the value for a record would be "ABC123456."

Suffix: Specifies the text (up to 10 characters) that appears after the numeric value. For example,
you could enter "miles" to label the field value as a measurement of distance. For a tracking ID, if
you enter "XYZ" in this field, the tracking ID value for a record would be "123456XYZ."

Increment By: Specifies the value by which the number is increased or decreased. Available options
are .01, .1, 1, 10, 100, 1000, or No Increment.

8. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Define numeric ranges of a numeric field


When adding a numeric field, you can select to display a filter option on the Search Records page
that allows users to search the field based on a range of values. For each named range that you
create, you must define a beginning and ending value. For example, a range named "High" might
contain the values 8 through 10.

1. Go to the Fields tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Choose the numeric field for which you want to define numeric ranges.

3. Click the Options tab and select Numeric Ranging.

4. Click Save and return to the Fields tab of the Manage Applications page.

5. In the Field Type column of the numeric field, click the Numeric Ranges link.

6. Click Add New.

7. In the Name field, enter the name of the numeric range.

8. In the Beginning Value and Ending Value fields, select the numeric values that define the range.

9. Repeat steps 6 - 8 to define other numeric ranges.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Record Status Fields


The Record Status field type is automatically populated based on the current status of the record and
only contains one of two values: New or Updated.

Add a record status field


You can add a record status field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a record status
field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Record Status from the
System Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the record status
field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab and select the options for including the field in search results.

Option: Action

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in search
filters.

Search Default Field: Includes the field by default in search results for the application. This option
does not prevent users from removing the field from the Search Results page. Users can click Modify
in the toolbar and remove the field from the Fields to Display section of the application Search
Records page.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Record Permissions Fields


Use a record permissions field to control user access at the record level.

Add the record permissions field


You can add a record permissions field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add the record
permissions field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

• To add a new field, click Create a new Field from scratch and click Record Permission from
the Advanced Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the record
permission field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select the control for displaying the record permissions field.

Display Control: Description

Dropdown: Displays a list of items from which users can select an item.

Radio Buttons: Displays a list of items from which users can select an item.

Check Boxes: Displays a list of items from which a user can select one or more items.

Listbox: Displays a selection list from which users can select one or more items.

Values Popup: Displays a selection list from which users can select one or more items. For example,
a users and groups list may contain hundreds or thousands of users. In this case, a values popup list
may be the best solution. For two or three selections, the best control might be dropdown, radio
buttons, or checkboxes.

8. In the Options section, select the behavior and validation rules for the record permissions field.


| Option | Action |
| --- | --- |
| Required Field | Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application. |
| Auditing Information | Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface. |
| Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters. |
| Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page. |
| Enable Inline Edit | Allows the field to be editable in search results and reports. |
| Advanced Field Display | Adds descriptive text and alters the standard display of the field. After selecting this checkbox, specify the display text and layout for the field in the Advanced Field Display Options section. |
| Validate Always | Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed. |

9. In the Configuration section, set the minimum and maximum selection values.

| Option | Description |
| --- | --- |
| Field Height | Specifies the height of the field in lines and is specific to a Listbox or Text Area display control. If more values are available for selection in the field than the number of lines you specified, a vertical scroll bar appears in the field to enable users to view all available values. |
| Column Layout | Specifies the number of columns for the Radio Buttons or Checkboxes display control options. |
| Minimum Selections | Specifies the minimum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |
| Maximum Selections | Specifies the maximum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Scheduler Fields


You can create a scheduler field in the resource application so that users can see all of the
appointments to which they have been scheduled regardless of the parent application.
You can use the triangular reference in searches, calculations, and inherited record permissions.
Note that you cannot use the Scheduler field as a filter, in a data-driven event, or a rule for a data-
driven event.

Note: After you create a scheduler field, you cannot edit the Display Control or Configuration
options. You must delete the scheduler field, which removes the triangular relationships. After
creating the scheduler field, you must add it to the application layout.

Step 1: Add the scheduler field


You can add a scheduler field for an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add the Scheduler
field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.


3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Scheduler from the Advanced Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the scheduler field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select the display format.

| Display Control | Description |
| --- | --- |
| Schedule Grid | Displays appointments in a Gantt-like chart with the resource along the left side and the appointments in segmented columns based on start and end dates. In this view, you can see all assigned resources for each parent record. To assign resources to any parent application, you must configure a scheduler field with the schedule view and add it to the layout of that application. Any module with the scheduler field is considered a parent application. |
| Resource Grid | Displays appointments in a list grouped by parent applications for all resources or the appointments for a particular resource when viewed by that user. In this view, your users can see all appointments assigned to them through this view regardless of the application to which they are assigned. Users can also see any appointments that are not assigned to a resource. |

8. In the Configuration section, select the applicable available reference.


| Option | Description |
| --- | --- |
| Available Reference | Designates the application to which a relationship is created when the appointment is viewed in the schedule view. This designation creates a triangular relationship among this application. For example, if you are creating the Scheduler field in the Engagements application with the schedule view, it becomes the parent application. You can then specify Contacts as its resource, which creates a triangular relationship between Engagements and Contacts applications and the Appointment application. If you select the Resource Grid as the Display Control, this designation automatically establishes a relationship between the current module and the Appointment application. |

9. In the Options section, select whether the field is included in search results.

| Option | Action |
| --- | --- |
| Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters. |
| Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page. |

10. Do one of the following:

• If you selected Resource Grid as the display control, go to the next step.

• If you selected Schedule Grid as the display control, complete the following:

a. (Optional) In the Record Lookup Configuration section, define the selection and sorting criteria for displaying records from the related application from which you want users to select from Record Lookup.

| Options | Description |
| --- | --- |
| Display Fields | Specifies the fields of data from the relationship application that are displayed on the Record Lookup page for users when they select related records in the Scheduler field. To select fields for display, click in the Display Fields field and select the fields that you want to display from the Available list. Use the below the Selected list to arrange the fields. The top-to-bottom order of fields in the Selected list will be the left-to-right order of fields in the Record Lookup page. |
| Filters | Determines the filtering criteria for selecting records for display on the Record Lookup page. To set filters for the records to be displayed in the field, select the values for the following fields: Field to Evaluate, Operator, and Values. You can also create a dynamic filter for filtering record lookup. |
| Sorting | Specifies the fields by which referenced records are sorted in the Record Lookup page. |

b. In the Schedule Display Configuration, select the resource fields that you want to display.

| Option | Description |
| --- | --- |
| Display Fields | Defines the columns of data that display in the Resource column of the schedule view. Use to select the fields that you want to display from the Available list. Use the below the Selected list to arrange fields. The top-to-bottom order of fields in the Selected list displays as the left-to-right order of fields in the Related Record Field table. |

11. Click Apply.


Step 2: Add the scheduler field to the application or questionnaire layout

1. Click the Layout tab.

2. Move the scheduler field from the Available Fields list to the location on the layout where you
want the Schedule or Resource object to appear.

3. Click Save.

Adding Sub-Form Fields


The Sub-Form field type enables you to embed a predefined sub-form in an application. Any
application owner can use a sub-form in any application. Sub-forms collect data within individual
records and display the data in a scrollable grid. Each time a user adds or edits a record in an
application, the user can make an entry in the sub-form and view entries that other users have made.
For example, if an application contains a sub-form designed to collect user comments, each user
who accesses a record in the application can submit a comment in the sub-form and view comments
submitted by other users.
To add a sub-form field in an application, you must first create the sub-form that you want to include
in the application. After creating the sub-form, you can then select it for an application through the
sub-form field.

Add a sub-form field


You can add a sub-form field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a sub-form
field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Sub-Form from the Advanced Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the sub-form field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Options section, select behaviors and validation rules for the sub-form field.

| Option | Action |
| --- | --- |
| Required Field | Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application. |
| Auditing Information | Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface. |
| Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters. |
| Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page. |
| Add New | Determines whether the Add New link is displayed in a grid for allowing users to add new records to the related applications from a record in view mode. Users will not have to open a record in edit mode to create new related records. If a user does not have rights to create records in the related application, the link is not displayed for that user. When a user creates a new related record from view mode, that record will be selected in the cross-reference field just as it would if it were created from edit mode. For example, if a user opens a Vendor record in View mode and creates a record in the related Audits application by clicking Add New in the cross-reference field, that new Audit record will be selected in the cross-reference field of the Vendor record, even though the user did not open the Vendor record for editing. |
| Validate Always | Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed. |

8. In the Grid Display Properties, select the fields that you want to display for the sub-form field.

| Option | Action |
| --- | --- |
| Display Fields | You can define the fields of data that display in the Sub-Form field grid of sub-form records. To select fields for display, click in the Display Fields field and select the fields that you want to display from the Available list. Use the below the Selected list to arrange the fields. The top-to-bottom order of fields in the Selected list displays as the left-to-right order of fields in the Sub-Form field table. |
| Sorting | Create one or more conditions: (1) In the Order column, select the order in which you want the results to be displayed. To create additional conditions, click Add New. (2) In the Grouping column, select whether you want to enable or disable sorting for the user. If you created more than one condition, you can apply advanced logic to your search criteria. |


9. In the Configuration section, select the selection and display rules.

| Option | Description |
| --- | --- |
| Minimum Selections | Specifies the minimum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |
| Maximum Selections | Specifies the maximum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |
| Field Edit Settings | Specifies whether users can edit and delete all records or only the records that they entered in the sub-form field. Edit Own Records: Allows users to edit or delete entries that they have made in the sub-form field. Edit All Records: Allows users to edit or delete any entry in the sub-form field, regardless of who entered it. |
| Field Administrators | Designates specific users and groups as field administrators for the sub-form or voting field, enabling them to edit and delete any entry made in the field. You must select those users and groups. To select the user and groups, click and from the Available list, and then select the users and groups that you want to designate as field administrators for the sub-form field. The create, read, update, and delete rights available to a field administrator are dependent on the rights that are in place for the parent object, such as an application or a questionnaire. If the parent object has only create and read rights, for example, the sub-form field in that object is restricted to those same rights. |
| Default Records Display | Determines the number of cross-referenced records that display in the grid and is only available when the display control is set to Grid. If this option is selected, only the first designated number of records are displayed. For example, when this option is set to 10, only the first 10 records display in the grid. If the number of records exceeds the default display number, a View All link is displayed. A user can click this link to view all of the associated records. |

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Text Fields


The Text field type accepts both alphabetic and numeric entries. It can be displayed to users as
either a one-line text field or a multi-line (scrolling) text area. If the field is configured as a text
area, you can specify the height (in lines) for the control. In addition, a text field configured with the
text field display control (not text area) can be configured to display to end users as a masked text
field, allowing them to enter data in a defined format.
By default, entries in the text field are not restricted. However, when configuring this field type, you
can choose to set a maximum character length for entries. In addition, you can restrict users from
entering a value in the text field that is identical to a value entered in another record within the
application, thereby ensuring that all values in the text field are unique.
A text field can also be configured as a calculated field. When this option is enabled, you can
specify a formula for dynamically computing the value of the field.

Example: Using a text field as a calculated field


You could create the following formula to populate the Text field with the value "High Risk" or
"Low Risk" depending on the value of another field within the record:
IF([Exposure Rating] >=10, "High Risk", "Low Risk")
The calculated field would display as read-only for all application users, and its value would be
updated each time the field was recalculated.

Add a text field

1. Go to the Fields tab of the application to which you want to add a text field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.


3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Text from the Basic Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the text field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select the display options for the text field.

8. In the Options section, determine the behavior and validation rules of the text field.

9. In the Configuration section, specify the format and default value for the text field.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Tracking ID Fields


The Tracking ID field type uniquely identifies a record and has the following configuration options:

| Option | Description |
| --- | --- |
| System ID | A sequential tracking ID that is generated based on the number of records in all applications. |
| Application ID | A sequential tracking ID that is generated based on the number of records in the application. If you select this option, the tracking ID values for individual records are based on the order in which they were added. |

Add a tracking ID field


You can add a tracking ID field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a tracking ID
field.


a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Tracking ID from the System Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the tracking ID field you want to copy.

4. In the General Information section, enter the name and description of the field.

5. Click the Options tab and select the options for including the field in search results.

| Option | Action |
| --- | --- |
| Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters. |
| Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page. |
| Key Field | Designates the field as the key field of a record. You must designate one field in the application as the key field, but can only designate one field as the key field. You can select the key field values in search results, and users can click the values to open individual records. A key field must be on the page layout of the application. After saving the field, you can only clear this checkbox by selecting another field as the key field in the application. When you select this option, the Required Field, Search Results, and Search Default Field checkboxes are automatically selected. |

6. In the Configuration section, select the options for generating identification numbers and whether
the ID has a prefix or suffix.


| Option | Description |
| --- | --- |
| Prefix | Specifies the text (up to 10 characters) that appears in front of the numeric value. For example, if you enter "ABC" in this field, the tracking ID value for a record would be "ABC123456." |
| Suffix | Specifies the text (up to 10 characters) that appears after the numeric value. For example, you could enter "miles" to label the field value as a measurement of distance. For the tracking ID, if you enter "XYZ" in this field, the tracking ID value for a record would be "123456XYZ." |
| System ID | Specifies whether the tracking ID is generated based on the number of records in all applications. |
| Application ID | Specifies that the tracking ID is generated based on the number of records in the application. You can change the tracking ID type later; however, the keyword search index for all records in the application must then be rebuilt. During the index rebuild, keyword search results may be inaccurate, and frequent index rebuilds can impact system performance. For more information on rebuilding the keyword search index, see "Rebuild All Indexes" in the RSA Archer Control Panel Help. |

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding User/Groups List Fields


The User/Groups List field type is a specialized values list field that allows users to select users or
groups. You must select at least one user or group to display in the values list for the user/groups list
field. The users and groups from which you can choose are those that have been defined in the
Access Control feature.
You can grant record-level permissions and populate the field with users and groups. It is, however,
important to remember that you can:
• Restrict the list of groups that display as available selections in the field by selecting the Auto
Restrict Groups option. This option limits the groups that are available for selection to only those
groups for which the user is a member.


Example: Restricting groups from selection lists


You select the Sales, Marketing, and Management groups as available selections in the field. If a
user adds a record in the application and that user is a member of only the Marketing group, the
Marketing group is the only group available to that user for selection in the User/Groups List
field.

• Exclude inactive users from selection so they do not appear in a user or group list.

Note: You can convert a user/groups list field to a record permissions field to limit record access to
only those users or groups selected in the field.

Add a user/groups list field


You can add a user/groups list field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire to which you want to add a user/groups
list field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click User/Groups List from the Basic Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the user/groups list field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.


7. In the Display Control section, select the option for displaying the field.

| Display Control | Description |
| --- | --- |
| Dropdown | Displays a list of items from which users can select an item. |
| Radio Buttons | Displays a list of items from which users can select an item. |
| Check Boxes | Displays a list of items from which a user can select one or more items. |
| Listbox | Displays a selection list from which users can select one or more items. |
| Values Popup | Displays a selection list from which users can select one or more items. For example, a users and groups list may contain hundreds or thousands of users. In this case, a values popup list may be the best solution. For two or three selections, the best control might be dropdown, radio buttons, or checkboxes. |

8. In the Options section, select the behavior and validation rules for the user/groups list field.

| Option | Action |
| --- | --- |
| Required Field | Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application. |
| Auditing Information | Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface. |
| Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters. |
| Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page. |
| Enable Inline Edit | Allows the field to be editable in search results and reports. |
| Advanced Field Display | Adds descriptive text and alters the standard display of the field. After selecting this checkbox, specify the display text and layout for the field in the Advanced Field Display Options section. |
| Validate Always | Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed. |

9. In the Configuration section, specify the values for the minimum and maximum number of
selections.

| Option | Description |
| --- | --- |
| Field Height | Specifies the height of the field in lines and is specific to a Listbox or Text Area display control. If more values are available for selection in the field than the number of lines you specified, a vertical scroll bar appears in the field to enable users to view all available values. |
| Column Layout | Specifies the number of columns for the Radio Buttons or Checkboxes display control options. |
| Minimum Selections | Specifies the minimum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |
| Maximum Selections | Specifies the maximum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |

10. In the Field Population section, select the users and/or groups for populating the user/groups list
field.


| Option | Description |
| --- | --- |
| Available Users/Groups | Selects the groups or users that you want to place in a field. Record Creator: Adds the user who is adding or editing the record. Individual Groups and Users: Adds individual groups and users. All Groups: Adds all groups from the Available List. All Users: Adds all users from the Available List. Find Bar: Searches for users or groups. |
| Show Users | Enables the end user to expand groups within a field to view the users in that group. |
| Default | Designates a user group or user as the default value for a field. When users add new records, the default values are automatically selected in the field. |
| Cascade | Applies group selections to sub-groups in the User/Groups list. If Cascade is selected for a group that contains sub-groups, those sub-groups will be available for selection in the User/Groups List field. If a user selects only the parent group, sub-groups nested beneath that parent group are not included in the selection. Only individual users who are members of the selected parent group are included in the selection. |
| Auto-Restrict Groups | Limits the groups that are available for selection to only those groups for which the user is a member. For example, you select the Sales, Marketing, and Management groups as available selections in the field. If a user adds a record in the application and that user is a member of only the Marketing group, the Marketing group will be the only group available to that user for selection in the User/Groups List field. |
| Default to Creator Groups | Includes only the groups for which the default selection is the record creator. Only groups that are defined as available values for this field can be selected by default. |
| Exclude Inactive Users | Excludes inactive users whose user status is no longer active and whose access is revoked. |

11. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
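
The Field Population options above decide which groups a user can pick and, if the field is later converted to a record permissions field, who can reach the record. The following added example is a small model of the documented behaviour for reviewing a configuration; it is not RSA Archer code or its API. The class and function names, the sample groups and users, and the reading that Auto-Restrict Groups and the selection rule look at direct membership only are assumptions.

```python
# Illustrative model of the Field Population options; not RSA Archer code.
from dataclasses import dataclass, field


@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)       # direct members only
    subgroups: list = field(default_factory=list)   # nested Group objects


@dataclass
class FieldPopulation:
    available: list                                 # groups the administrator selected
    cascade: set = field(default_factory=set)       # names of groups with Cascade selected
    auto_restrict_groups: bool = False
    exclude_inactive_users: bool = False


def offered_groups(cfg, user):
    """Return, in order, the group names that `user` can choose in the field."""
    offered = []

    def add(group, cascading):
        if all(g.name != group.name for g in offered):
            offered.append(group)
        if cascading:                               # Cascade exposes nested sub-groups
            for sub in group.subgroups:
                add(sub, True)

    for group in cfg.available:
        add(group, group.name in cfg.cascade)

    if cfg.auto_restrict_groups:
        # Assumption: membership means direct membership of the group.
        offered = [g for g in offered if user in g.members]
    return [g.name for g in offered]


def users_in_selection(cfg, selected_names, inactive):
    """Users covered by a selection: direct members of each selected group.

    Selecting a parent group does not pull in its sub-groups, as the Cascade
    description states. Assumption: Exclude Inactive Users also drops inactive
    accounts from the users listed for a group.
    """
    by_name = {}

    def index(group):
        by_name[group.name] = group
        for sub in group.subgroups:
            index(sub)

    for group in cfg.available:
        index(group)

    users = set()
    for name in selected_names:
        users |= by_name[name].members
    if cfg.exclude_inactive_users:
        users -= set(inactive)
    return users


# Constructed sample directory (not taken from any real system).
EMEA = Group("Marketing EMEA", {"frank"})
SALES = Group("Sales", {"alice", "bob"})
MARKETING = Group("Marketing", {"carol", "dave"}, [EMEA])
MANAGEMENT = Group("Management", {"erin"})
ALL_GROUPS = [SALES, MARKETING, MANAGEMENT]
INACTIVE = {"dave"}

if __name__ == "__main__":
    restricted = FieldPopulation(ALL_GROUPS, auto_restrict_groups=True)
    print("carol is offered:", offered_groups(restricted, "carol"))

    cascaded = FieldPopulation(ALL_GROUPS, cascade={"Marketing"},
                               exclude_inactive_users=True)
    print("with Cascade:", offered_groups(cascaded, "carol"))
    print("selecting Marketing covers:",
          sorted(users_in_selection(cascaded, ["Marketing"], INACTIVE)))
```

Comparing the output for a low-privilege user against the intended access list shows whether Cascade or a missing Auto-Restrict Groups setting exposes more groups than planned.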


Adding Values List Fields


Values lists include the values that users are allowed to select from in a values list, matrix, or cross-
application status tracking field.

Add a values list field

1. Go to the Fields tab of the application to which you want to add a Values List field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Values List from the
Basic Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the values list
field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description.

6. Click the Options tab.

7. In the Display Control section, select the option for displaying the field:

Display Control options

Display Control: Description

Dropdown: Displays a list of items from which users can select an item.

Radio Buttons: Displays a list of items from which users can select an item.

Check Boxes: Displays a list of items from which a user can select one or more items.

Listbox: Displays a selection list from which users can select one or more items.

Values Popup: Displays a selection list from which users can select one or more items. For example,
a users and groups list may contain hundreds or thousands of users. In this case, a values popup
list may be the best solution. For two or three selections, the best control might be dropdown,
radio buttons, or checkboxes.

8. In the Options section, select the options for including the field in search results and setting
its behavior:

Options

Option: Action

Required Field: Designates the field as required and forces users to enter a value when adding or
editing a record in the application. Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must enter a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is
changed. The auditing information includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in
search filters.

Search Default Field: Includes the field by default in search results for the application. This
option does not prevent users from removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to Display section of the application
Search Records page.

Enable Inline Edit: Allows the field to be editable in search results and reports.

Trending: Enables trending on the field based on a duration period.

    Duration Type: Designates the duration for which you want to retain trending data. The
    available values are calculated in days as follows:

        Days: 1 day
        Months: 30 days
        Quarters: 90 days
        Years: 365 days

    By default, the value of this field is No Selection, but you must select a Duration Type when
    the Trending option is selected. If you click Apply without changing the value, a warning
    message is displayed. Click OK to return to the Options tab.

    Duration Amount: Specifies the number of days, months, quarters, or years for which trending
    data is retained.

Description Links: Displays the selected value for the field as a hyperlink when users view records
in the application. Users can click the linked value to read a description of the value from a
pop-up window.

Calculated Field: Designates the field as a calculated field determined by a formula that computes
a value dynamically for this field. If you select this option, the field is read-only for all
users, and its value is computed by the defined formula.

Advanced Field Display: Adds descriptive text and alters the standard display of the field. After
selecting this checkbox, specify the display text and layout for the field in the Advanced Field
Display Options section.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed
in a record. If the Validate Always option is not selected, this field is validated only when the
value in that field has changed.

9. In the Configuration section, specify the minimum and maximum number of selections a user can
make.

Configuration options

Option: Description

Field Height: Specifies the height of the field in lines and is specific to a Listbox or Text Area
display control. If more values are available for selection in the field than the number of lines
you specified, a vertical scroll bar appears in the field to enable users to view all available
values.

Column Layout: Specifies the number of columns for the Radio Buttons or Checkboxes display control
options.

Minimum Selections: Specifies the minimum number of selections (from none to 20 selections) that a
user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control.

Maximum Selections: Specifies the maximum number of selections (from none to 20 selections) that a
user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Voting Fields


The Voting field type allows users to rank a record in two ways. A Total Votes tally allows users to
vote for or against a content record. Each vote is assigned a weight as determined by the field
administrator. The field shows the total votes for the record. An Average Votes tally allows users to
rate the record based on a range of 1 to 5. All votes are averaged to determine the overall rating,
which is reflected in the field.
By configuring voting reset rules, you can determine when the votes in the voting field should be
reset, if at all. Both field options provide the ability for a defined set of users. You can allow Field
Administrators to view a detailed report when each user voted on the content along with the rating
provided. This field provides access to the Voting Field Detail report. This report lists the user,
email address, date, and rating for the field.

Add a voting field


You can add a voting field to an application or questionnaire.


1. Go to the Fields tab of the application or questionnaire to which you want to add a voting field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Voting from the Basic
Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the voting field
you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Options section, select the options for including the field in search results and behavior
rule.

Option: Action

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be referenced in
search filters.

Search Default Field: Includes the field by default in search results for the application. This
option does not prevent users from removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to Display section of the application
Search Records page.

Validate Always: Designates that a calculated field is recalculated whenever any value is changed
in a record. If the Validate Always option is not selected, this field is validated only when the
value in that field has changed.

8. In the Configuration section, specify the tally and weight options for the voting field.

Option: Description

Vote Tally: Specifies whether the results should display a total number of votes cast or an average
of the ratings provided by end users.

Vote Weight: Specifies how much each vote is worth. For example, if the Vote Weight is "10" and ten
users have submitted a vote, the total value displayed would be "100."

Field Administrators: Designates specific users and groups as field administrators for the sub-form
or voting field, enabling them to edit and delete any entry made in the field. You must select
those users and groups.
To select the user and groups, click and from the Available list, and then select the users and
groups that you want to designate as field administrators for the sub-form field.
The create, read, update, and delete rights available to a field administrator are dependent on
the rights that are in place for the parent object, such as an application or a questionnaire.
If the parent object has only create and read rights, for example, the sub-form field in that
object is restricted to those same rights.

9. In the Voting Reset Rules section, enter the rules for purging recorded votes. If you do not set
the voting reset rules, votes are never purged.
Each row represents one set of filter criteria.

Option: Description

Field to Evaluate: Specifies values to create a condition by selecting the field to evaluate.

Operator: Provides the filter that evaluates the field in the creation of a condition. The
available operators depend on the type of field selected in Field to Evaluate.

Value(s): Opens the Record Lookup, which enables users to choose which value or values to add to
the condition.

Relationship: Connects two or more conditions together. If you add more than one condition, you can
apply advanced logic to your search criteria.

Actions: Removes all data inputted when is clicked.

Advanced Operator Logic: Forms relationships between two or more conditions.

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Field-Level Help


You can create field-level Help that displays with a field in the user interface. By incorporating
field-level Help, you can provide additional guidelines and instructions to ensure users enter
appropriate information in the field. This Help text can display for users when they add, edit and
view records in the application where the field resides. You can configure field-level Help to display
above or below the field, as a tool tip (mouse over), or in a pop-up window that users can open by
clicking .
Help displays based on the mode the user is in when accessing it:

Mode: Description

Edit: Help is displayed for users when they add or edit a record in the application where the field
resides.

View: Help is displayed for users when they view a saved record in the application where the field
resides.

Edit and View: Help is displayed for users when they add, edit, or view a record in the application
where the field resides.

Note: You can also create field-level Help using text boxes in an application layout. Text boxes
enable you to provide instructions or additional information that can appear above, below or beside a
field when users add, edit or view records in an application.

Field-level help text

Contains the actual text that is displayed for the field. Consider the following general guidelines
when writing field-level Help:

• Use short, concise instructions that direct the user to take a specific action. For example, "Enter
your name" is preferable to "This field is used to enter your name."

• Use complete sentences whenever possible.

• Avoid jargon (unless terms are critical and are familiar to your users).

• Consider the technical aptitude of your audience and author your help text at a corresponding
level.

• Use “you” and “your” as if you are speaking directly to the user.

• Consider posing Help text in the form of a question, for example, "What is your level of interest?"

View and edit display options


The View Display Options and Edit Display Options determine where the help text appears in the
View and Edit modes.

Options: Description

None: Help text does not display.

Above: Help displays above the field in edit and view modes.

Below: Help displays below the field in edit and view modes.

Tooltip: Help displays as a tool tip (mouse over) on the field name in edit and view modes.

Icon: Help icon displays beside the field in edit and view modes. Click this icon to display the
field Help. The application dynamically sizes the Help box based on the number of characters in
the text.

Add field-level help

1. Click the Help Text tab of the field you are updating.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

e. Select the field.

f. Click the Help Text tab.

2. In the Help Text field, enter instructional and descriptive text for the field.

3. In View Display Options, select the behavior for displaying the help in View mode.

4. In Edit Display Options, select the behavior for displaying the help in Edit mode.

5. Click Apply.

Assigning Access Rights to a Field


Access rights determine whether all users or only select users or groups have access to the field.

Option: Description

Public: Public fields are available to all end users. If a certain field is configured as private,
users who do not have rights to the field cannot view it when adding, editing, or viewing records
in the application.

Private: Private fields are only available to the users and groups to which you grant access rights.

Assign access rights to a field

1. Go to the Fields tab of the application, questionnaire, or sub-form that contains a field to which
you want to assign an access role.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application.

d. Click the Fields tab.

2. Click the field to which you want to assign an access role.

3. Click the Access tab.

4. In Permissions, select Public or Private.

5. Do one of the following:

• If you selected Public, go to step 8.

• If you selected Private, continue at the next step.

6. In the Available list, select the groups and users to which you want to assign field-specific
permissions.

7. In the Selected list, do one or more of the following:

• Click the Full Access checkbox for the user or group to grant full access rights (read and edit)
for the field to a user or group.

• Clear the Full Access checkbox for the user or group to limit access to a read-only status.

• Click the Cascade checkbox for the user or group to extend access rights to sub-groups of a
selected group.

8. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Changing the Field Status


When a field is no longer needed but you do not want to delete it, you can change its status from
active to inactive.

Field Value: Description

Active: Active fields display when users add, edit, and view records in the application. Active
fields can be referenced in record searches, calculated field formulas, and data driven events.
By default, the field status is Active.

Inactive: Inactive fields are not displayed in any application record and cannot be referenced by
other options in RSA Archer GRC.

Inactivate a field

1. Go to the Fields tab of the field you want to inactivate.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Select the field you want to inactivate and go to the General Information section under the
General tab.

3. In the Status field, select Inactive.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Fields
You can delete a basic or advanced field type from an application. Deleting a field also deletes all
data previously stored in that field. You cannot delete the key field from an application. To delete a
field designated as the application key field, you must first designate another field as the key field.
When you delete a field that has trending enabled, all trending data associated with the field is
deleted. An asynchronous cleanup job that runs once per day removes both expired trended data and
any trended data for fields on which the user has disabled trending. After the field is deleted,
the trending chart related to the field is replaced with a Placeholder layout object with the same
span properties on the application layout.

Note: When you delete a system field type (First Published Date, Last Updated Date, Record
Status, Related Records, or Tracking ID), the field is deleted but the data is still stored in RSA
Archer GRC.

Note: You cannot delete a field that is used in an advanced workflow.

Delete a field

1. Go to the Fields tab of the application in which you want to delete a field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click the row and view the description of the field that you want to delete.

3. Click for that field. Some fields in RSA Archer GRC applications may be locked, allowing
administrators limited access. If no is displayed, that field is locked and cannot be deleted.

Note: RSA strongly advises against deleting a Tracking ID field even if is displayed. By
default, a Tracking ID is the key field for a record, and deleting it could impact related records.

4. Click OK.

Enabling and Disabling Trending on a Field


You can enable or disable trending to track status changes for the value of a numeric or values list
field. You must set a duration period when enabling trending on the field.
You can disable trending on a numeric or values list field that has trending enabled so that trending
data is no longer retained for the field. An asynchronous cleanup job that runs once per day removes
both expired trended data and any trended data for fields on which the user has disabled trending.
When trending is disabled on a trending-enabled field, the trending chart on the application layout
is replaced with a Placeholder layout object with the same span properties.

Enable trending on a numeric or values list field

Note: If the trended field was disabled and then enabled, no trending data is retained from the last
time the field was set to trending-enabled and the asynchronous job ran. The trending duration period
must be set each time trending is enabled.

1. Go to the Fields tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Select the trended field (numeric or values list field) that you want to disable trending.

3. Click the Options tab.

4. Click Enable trending options for this field checkbox and enter the duration period.

5. Click Save.

6. Click OK to continue.

Disable trending on a trended field

1. Go to the Fields tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Select the trended field (numeric or values list field type) for which you want to disable trending.

3. Clear the Enable trending options for this field checkbox.

4. Click Save.

5. Click OK to continue.

Calculated Fields
Calculated fields eliminate the tedious and potentially error-prone process of manually calculating
values. A calculated field is a configuration option that enables you to specify a formula for
dynamically computing a value for a text, numeric, date, or values list field. Calculated fields are
read-only for all users. RSA Archer GRC populates the value of a calculated field based on the
formula that you build for a specific field. You must have ownership rights of the application,
questionnaire, or sub-form to create a calculated field.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Essential terminology

Term: Definition

Always (calculate): A property of a calculated field that specifies that the field is always
recalculated whenever content changes.

Asynchronous: A process that runs independently in the background. Most calculations are queued for
re-calculation in an asynchronous job instead of inline on content save. Content is updated when
the job runs instead of immediately.

Calculate Immediately: The means to update a calculated field inline while viewing or editing a
record that has a calculated field.

Execution: The means of calculating the value of a calculated field. Calculations can be executed
inline or asynchronously.

Formula Builder: A built-in formula editor that contains a library of functions and operators. Use
this tool to create formulas for calculated fields.

Marked Content: Any content that has an outstanding calculation that needs to be recalculated. This
content is ‘marked’ for recalculation.

Examples of how your organization might use a calculated field:

• Calculating custom threat and severity ratings

• Comparing the values of two fields

• Creating custom tracking IDs

• Displaying the number of days remaining before a critical deadline

• Performing a calculation to be used in the calculation of another field

• Performing complex risk calculations based on the results of values in other fields

• Producing weighted risk scores for risk assessments

Example: Formula using the DATEDIF function


The following formula is used to determine the number of days between the date a record was last
updated and the date of a critical deadline:
DATEDIF([Last Updated Date],[Project Deadline])
When you use the DATEDIF function in your formula and reference the Last Updated Date and
Deadline fields in an application, the formula returns a value of 15 days in the calculated field for a
record if the Last Updated Date value for that record is 1/1/2015 and the Deadline value is
1/15/2015.

General behaviors
Formulas of calculated fields are allowed unrestricted access to data in all private fields, regardless
of the access rights configured for those fields.
Calculations are executed in the order that they are defined. Calculations that are dependent on other
calculations may not produce the intended results if they are not correctly sequenced. Consider the
calculation order to ensure correct calculations. The calculation order can be rearranged.
Calculations execute when a record is saved. RSA Archer GRC determines whether changes in the
record warrant a recalculation of any associated calculated fields. If the update to the record does
not impact a specific calculated field, RSA Archer GRC does not recalculate the value of that field.
This evaluation optimizes system performance and eliminates unnecessary calculations.
If no changes are committed to a record, calculated values in that record are not updated. At times,
though, business requirements may dictate that date-sensitive formulas be recalculated on a daily
basis. To meet this demand, RSA Archer GRC facilitates recalculations through a recalculation
scheduler. Once an application has been placed on a recalculation schedule, RSA Archer GRC
automatically refreshes the values of all calculated fields each day at the specified time. You can,
however, recalculate a specific field in an application even if the changes in the record do not
lead to an updated calculated value.
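The following audit sketch is an added example, not RSA's code and not part of the original guide. It checks a field inventory for the two pitfalls described above: public calculated fields whose formulas read private fields (directly or through other calculated fields), and calculated fields that run before a calculation they depend on. The `FieldDef` structure and the `INVENTORY` sample are hypothetical and hand-built; they do not represent an Archer export format or API.

```python
"""Audit a field inventory for two calculated-field pitfalls."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Formulas reference fields in brackets, for example [Raw Score].
FIELD_REF = re.compile(r"\[([^\[\]]+)\]")


@dataclass
class FieldDef:  # hypothetical record, one per field in the application
    name: str
    private: bool = False             # Access tab: Private (True) or Public (False)
    formula: Optional[str] = None     # set only when Calculated Field is selected
    calc_order: Optional[int] = None  # position in the calculation order, 1 runs first


def refs(f: FieldDef) -> List[str]:
    """Field names referenced by a formula; empty for non-calculated fields."""
    return FIELD_REF.findall(f.formula) if f.formula else []


def private_inputs(fields: Dict[str, FieldDef], name: str) -> Set[str]:
    """Private fields a formula reads, directly or via other calculated fields."""
    found: Set[str] = set()
    seen: Set[str] = set()
    stack = [name]
    while stack:
        current = stack.pop()
        if current in seen:       # also protects against formula cycles
            continue
        seen.add(current)
        for ref in refs(fields[current]):
            if ref not in fields:
                continue          # reference to a field outside this inventory
            if fields[ref].private:
                found.add(ref)
            stack.append(ref)
    return found


def audit_exposure(fields: Dict[str, FieldDef]) -> Dict[str, List[str]]:
    """Public calculated fields mapped to the private fields their value derives from."""
    report = {}
    for f in fields.values():
        if f.formula and not f.private:
            hits = private_inputs(fields, f.name)
            if hits:
                report[f.name] = sorted(hits)
    return report


def audit_order(fields: Dict[str, FieldDef]) -> List[Tuple[str, str]]:
    """(field, dependency) pairs where the dependency is calculated later than the field."""
    problems = []
    for f in fields.values():
        if not f.formula:
            continue
        for ref in refs(f):
            dep = fields.get(ref)
            # Assumes every calculated field carries a calc_order value.
            if dep and dep.formula and dep.calc_order >= f.calc_order:
                problems.append((f.name, dep.name))
    return problems


# Constructed sample: field names come from the use cases in this guide; the
# Public/Private settings and the calculation order are invented for the demo.
INVENTORY = {f.name: f for f in [
    FieldDef("Current Impact", private=True),
    FieldDef("Potential Impact"),
    FieldDef("LOB Impact"),
    FieldDef("Violation Potential", private=True),
    FieldDef("Due Date"),
    FieldDef("Raw Score", private=True, calc_order=2,
             formula="SUM([Current Impact], [Potential Impact], [LOB Impact])"
                     " * [Violation Potential]"),
    FieldDef("Priority", calc_order=1,
             formula='IF([Raw Score] <= 15, "Low", "High")'),
    FieldDef("Days Left", calc_order=3,
             formula='([Due Date] - TODAY( )) & " Days Remaining"'),
]}

if __name__ == "__main__":
    for name, sources in audit_exposure(INVENTORY).items():
        print(f"public calculated field {name!r} derives from private: {sources}")
    for name, dep in audit_order(INVENTORY):
        print(f"{name!r} is calculated before its dependency {dep!r}")
```

In the sample, the public Priority field reveals a Low/High band derived from two private inputs, so anyone who can read Priority learns something about fields they cannot open; making Priority private or accepting the disclosure is a design decision the audit surfaces.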

Calculation behaviors in notifications


Notifications are not sent if changes only affect a calculated field when saved. If content changes
are made to other fields, notifications are sent.


Changes must be detected and recognized for notifications to be sent. For example, Field A is a
numeric field with the value of 5. A user changes this field to a value of 10, and then back to a value
of 5, and then saves. In this case, the notification is not sent because the actual value of the field did
not change. The original and ending field value is 5.

Use cases for calculated fields


The following examples show how calculated fields can be used to meet a variety of business
requirements.

ID Generation

Requirement: Create a unique record ID that combines a threat-type code, the current date, and a
counter value that is automatically incremented with each new record. Always express the counter
value using five digits; pad zeroes on the value when necessary. Example: WORM-05232005-00019
Solution: Create a calculated text field that uses the following formula:
[Type Code] & "-" & DATEFORMAT(TODAY( ), "mmddyyyy") & "-" & NUMBERFORMAT(CONTENTID( ), 0000#)

Scoring

Requirement: Using key impact indicators, assign a priority score to a security violation report.
Do not display a raw numeric score. Instead, determine whether the score falls within the High or
Low priority range. Display a text value indicating the final priority score. Example: High
Solution: Create a calculated Numeric field to compute the raw priority score. Suppress the display
of this field by removing it from the application layout, then create a calculated text field that
maps the raw score to a priority range. Display the corresponding range name (High or Low) in the
calculated text field. Use the following formulas:

Field Type: Formula
Numeric Field: SUM([Current Impact], [Potential Impact], [LOB Impact]) * [Violation Potential]
Text Field: IF([Raw Score] <= 15, "Low", "High")

Date Countdown

Requirement: Compute and display the number of days remaining before a trouble ticket record
reaches its promised resolution deadline. Example: 5 Days Remaining
Solution: Create a calculated Text field that uses the following formula:
([Due Date] - TODAY( )) & " Days Remaining"

Complex/nested formulas
The formula for a calculated field can depend on the results of other calculations, so you are
likely to need complex and nested formulas. Use the following guidelines for these cases:
Use the Always option of the Recalculation rules when a formula contains the NOW( ) or TODAY( )
functions, or user first name, last name, and middle name (Editor) parameters. When this option is
selected, fields are recalculated whenever content is saved regardless of content change. This option
adds processing overhead and can slow performance if used unnecessarily.
Using the Always option for any other purpose may result in cycles. This condition is more
difficult to find and to troubleshoot.
The DATEADD and DATEDIF functions return an error when the Date field is empty.

Adding Calculated Fields


The calculation formula is managed and configured as a field property of a numeric, text, date, or
values list field. You can build a formula for a calculated field that dynamically computes the field
value in individual records. Formula builder provides a library of functions (for example, IF,
ROUND, AVERAGE) and operators (for example, +, -, <=, and others) that you can use to build a
formula.
When you add a field to your formula, the field name is surrounded by brackets, for example, [field
name]. When a field is referenced in a formula, the value in that field is used to compute the
calculated field value in each record.
You can control the frequency of calculations and how error messages are communicated to end
users through calculation properties. These properties minimize unnecessary system activity. If an
update to a record does not impact a specific calculated field, the field is not recalculated.

Considerations when creating or modifying a formula for a calculated field

• Calculated-field formulas are allowed unrestricted access to data in all private fields, regardless
of the access rights configured for those fields.

• If a formula previously defined for a calculated field is altered, the user is prompted whether to
recalculate the field when saving the record.

• Values list fields that are configured to allow multiple selections can only be referenced in
formulas with the ISEMPTY, CONTAINS, and COUNT functions. If a formula uses functions
other than ISEMPTY, CONTAINS, or COUNT to reference a multi-select Values List field with
a Maximum Value setting greater than 1, the formula fails validation.

• If a comparison operator (=, <, >, <=, >=, <>) references a values list field that is configured to
allow multiple selections, the formula fails validation.

• Formulas for calculated fields that reside in a sub-form are permitted to reference only other
fields in the same sub-form. Calculated fields in a sub-form cannot reference fields that reside in
the parent application.

Step 1: Add a calculated field

1. Complete the process for adding a date, numeric, text, or values list field.

• Adding Date Fields

• Adding Numeric Fields

• Adding Text Fields

• Adding Values List Fields

2. In the Options section, select Calculated Field to display the Calculation Properties section.
Important: If you select Calculated Field and save this change for a field in which user-entered
values have already been entered, all values written to that field are deleted across all records in
the application and are replaced with calculated values. Conversely, if you clear the Calculated
Field checkbox for a field in which calculated values have already been saved, those calculated
values are retained in the database.

Step 2: Build the formula


You can edit a formula directly in the Formula field or use the functions and operators to insert
the proper syntax.
1. In the Calculation Properties section, click Add Formula.

2. Scroll down to Functions & Operators, select the functions and operators (one at a time) that you
want to use in the formula.

3. Do one or more of the following:

• To include a field reference as a parameter for the formula, click the field in the Available
Fields list.

• To include a field-value reference from a Values List field as a parameter for the formula,
expand the appropriate field node in the Available Fields list and select the value. The value
is added to your formula within the "VALUEOF" function.

Note: If you select a field value to reference in your formula and that value is later modified in
the values list, the field-value reference in your formula is automatically updated to reflect the
modified value.

4. When you finish creating the formula, click Validate in the top-right corner of the formula.
If the validation process encounters an error in the formula, a message displays that describes
the error or alerts you that the formula contains an unknown error. The validation process only
identifies one error at a time, even if the formula contains multiple errors. If you get an error
message, correct the error and click Validate again. If you get another error message, correct
that error as well. Continue this process until the formula passes the validation process.

5. Click OK.

6. Click Apply.

Step 3: Define the behavior and error handling rules

1. Go to the Calculation Properties section.

2. In the Recalculation field, select behavior for recalculating field values.

Field       Description

As Needed   Formulas are recalculated when a dependent field in the formula changes.

Always      Formulas are recalculated every time content is saved even though a field is not
            referenced in the formula. Formulas that contain NOW ( ) and TODAY ( ) functions,
            or user first name, last name, and middle name (Editor) parameters are recalculated
            regardless of content change.

3. In the Error Handling field, select rules for handling errors.

Field           Description

Display Error   Displays the word Error as a link when a calculation error occurs. Users with the
                appropriate access privileges can click the link to open the Calculation Error page
                where the error is explained.

Use No Value    Saves an empty value in the field when a calculation error occurs.

Use Specific    Saves a specific value in the field when a calculation error occurs.

4. Click Save.

Calculation Process
Formulas of calculated fields are recalculated whenever there is a change in the content of a field,
related field, or sub-form. Calculations are executed either through administrative or user functions.

Function: Administrative

  Action: Calculations queued in an asynchronous job
  Execution: Administrator updates a formula of a calculated field and queues an asynchronous job.
  This job runs during normal processing based on the number of jobs in the queue.

  Action: Calculations scheduled in an asynchronous job
  Execution:
  1. Administrator schedules an asynchronous job to run a full module recalculation. The job is
     queued with all fields in the module for calculation.
  2. Administrator schedules an asynchronous job for recalculation to run at a specified time. When
     job runs, all formulas with NOW ( ) and TODAY ( ) functions and any calculated fields set to
     Always recalculate are calculated.

Function: User

  Action: Calculations recalculated inline
  Execution:
  1. User clicks the Recalculate button while viewing a record. Content ‘marked’ for recalculation
     is recalculated.
  2. User clicks the Apply button without making a change. Content ‘marked’ for recalculation is
     recalculated.
  3. User clicks the Save button after making a change. Content is saved and ‘marked’ content is
     recalculated.

Recalculation process
Recalculations are processed immediately or through an asynchronous job.

Type                Description

Immediate           Calculations are triggered when a user saves a record that is 'marked' or changes
                    a field that is used by a calculated field in the same level. 'Marked' content
                    is changed to an ‘unmarked’ status when a user saves that content.
                    An immediately applied calculation can be performed in a cross-referenced
                    application one level away.
                    For example, Application A is dependent on a calculated field in Application B.
                    Application B has a cross-reference relationship with Application A. When a
                    record is updated in Application B, its related record in Application A can be
                    recalculated immediately when the user returns to Application A and clicks Apply
                    or Save.
                    Related records are updated when a user initiates the recalculation or the
                    recalculation is updated through an asynchronous job.
                    • When updated by the user, the Last Updated field contains the identification
                      of the user who updated the record.
                    • When updated by an asynchronous job, the Last Updated field is not updated.

Asynchronous jobs   Queued asynchronous jobs run based on the number of jobs in the job queue.
                    Scheduled asynchronous jobs run at a specified time regardless of any current
                    activity on the record.
                    Calculations are queued in an asynchronous job in various ways.
                    • Change the formula of a calculated field, and select Yes to recalculate the
                      field.
                    • Change the weight of a question field.
                    • Change the order of calculations.
                    • Change the Recalculation option of a calculated field, and select Yes to
                      recalculate the field.
                    • Change the Error Handling option of a calculated field, and select Yes to
                      recalculate the field.
                    • Change the input mask on a text field that is referenced by a calculated field.
                    • Change the numeric attribute of a value in a Values List field that is
                      referenced by a calculated field.
                    • Change the Other text attribute of a value in a Values List field that is
                      referenced by a calculated field.
                    • Change the Correctness attribute of a value in a Questions Values List field
                      that is referenced by a calculated field.

Example: Triggers for recalculating

Scenario 1
1. Edit a record by changing a field that is tied to a calculated field in an application.
2. Save the record.
Results: Any calculated field dependent on that change is recalculated immediately.

Scenario 2
1. Edit a record that has a dependent field in a related application.
2. Drill into a cross-reference application.
3. Change the dependent field in a related record.
4. Save the record.
Results: Recalculations for the dependent fields are queued in an asynchronous job and are
processed based on the number of jobs in the job queue.

Asynchronous job processing


When you change the formula of a calculated field and schedule the recalculation in an
asynchronous job, the content affected by this change has a status of ‘marked’ for recalculation.
When this condition exists, the following occurs:
• The asynchronous job is queued with all fields ‘marked’ for recalculation.
• The content is ‘marked’ for recalculation and can be recalculated immediately in View or Edit
  mode.
• Any calculated field in the same level with the content status of ‘marked’ is reset and is no longer
  ‘marked’ for recalculation.

When you change the formula of a calculated field but do not schedule the recalculation in an
asynchronous job, the content in this application affected by this change is not ‘marked’. When this
condition exists, the content status is updated by a user saving the change or by the asynchronous
job.
However, if you change one or more fields and only schedule an asynchronous job for one of the
fields, all fields ‘marked’ for recalculation are included in the asynchronous job.

Example: Asynchronous Job Queued

Scenario: There are four fields: Risk, Criticality, Controls, and Rating.
  Risk is dependent on the value of Criticality.
  SUM([Risk], [Criticality]).
  Field Controls is dependent on the value of Rating.
  IF(CONTAINS[Rating] “10”, RANK(REF([Controls] “5”)))

Action 1: Administrator updates both formulas of the calculated fields and schedules an
  asynchronous job to recalculate the fields.

Results: Formulas are updated in the applications.
  [Risk] and [Controls] are ‘marked’ for recalculation.

Action 2: User with Read and Update permissions views the record in View mode.
  User notices message that content is not up to date and clicks Recalculate.

Results: [Risk] is recalculated immediately, and the updated value is displayed.
  [Controls] is recalculated immediately, and the updated value is displayed.

Example: Asynchronous Job Not Queued

Scenario: There are four fields: Risk, Criticality, Controls, and Rating.
  Risk is dependent on the value of Criticality.
  SUM([Risk], [Criticality]).
  Field Controls is dependent on the value of Rating.
  IF(CONTAINS[Rating] “10”, RANK(REF([Controls] “5”)))

Action 1: Administrator updates both formulas of the calculated fields and does not schedule an
  asynchronous job to recalculate the fields.

Results: Formulas are updated in the applications. [Risk] and [Controls] are not ‘marked’ for
  recalculation.

Action 2: User with Read and Update permissions views the record in View mode. User is not
  notified that content is not up to date.

Results: Contents of [Risk] and [Controls] are not updated.

Functions and Operators for Calculated Field Formulas


RSA Archer GRC provides a library of functions and operators that you can use to build a formula.
The library of functions is divided into categories. By clicking a category, you can see the functions
that it contains, along with a description of each function. To view a more detailed function
description that includes syntax requirements, parameter descriptions, and examples, you can click
the function you want.


Date functions
Use these functions to produce dynamic values and to manipulate date information.

• DATEADD Function
• DATEDIF Function
• DATEFORMAT Function
• DATETIMEVALUE Function
• DAY Function
• HOUR Function
• MINUTE Function
• MONTH Function
• MONTHNAME Function
• NOW Function
• QUARTER Function
• TODAY Function
• WEEKDAY Function
• WEEKNUMBER Function
• YEAR Function

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer GRC
database. As a result, dates and times in calculations are returned in GMT.

Date format descriptions

Date Element   Return Example

M              Displays the month as a number without a leading zero (Example: 1)
MM             Displays the month as a number with a leading zero (Example: 01)
MMMM           Displays the month as a full month name (Example: January)
d              Displays the day as a number without a leading zero (Example: 5)
dd             Displays the day as a number with a leading zero (Example: 05)
dddd           Displays the day as a full name (Example: Monday)
yy             Displays the year as a two-digit number (Example: 06)
yyyy           Displays the year as a four-digit number (Example: 2006)
h              Displays the hour as a one-digit or two-digit number based on a 12-hour clock format
               (Example: 9)
hh             Displays the hour as a two-digit number (with a leading zero, if necessary) based on
               a 12-hour clock format (Example: 09)
H              Displays the hour as a one-digit or two-digit number based on a 24-hour clock format
               (Example: 13)
HH             Displays the hour as a two-digit number based on a 24-hour clock format (Example: 13)
m              Displays the minute as a number without leading zeros (Example: 5)
mm             Displays the minute as a number with leading zeros (Example: 05)
t              Displays the one-letter AM/PM designator appropriate for the given time, regardless
               of whether the time is based on a 12-hour or 24-hour clock. (Example: 1:00 P for
               12-hour clock; 13:00 P for 24-hour clock)
tt             Displays the two-letter AM/PM designator appropriate for the given time, regardless
               of whether the time is based on a 12-hour or 24-hour clock. (Example: 1:00 PM for
               12-hour clock; 13:00 PM for 24-hour clock)


Financial functions
Use these functions to execute common calculations associated with the financial industry.

• DB Function
• DDB Function
• FV Function
• IPMT Function
• IRR Function
• ISPMT Function
• MIRR Function
• NPER Function
• NPV Function
• PMT Function
• PPMT Function
• PV Function
• RATE Function
• SLN Function
• SYD Function
• VDB Function

Logical functions
Use these functions to evaluate an expression and return a specific result.
• AND Function
• IF Function
• NOT Function
• OR Function

Math functions
Use these functions to manipulate numeric values through a variety of options.

• ABS Function
• ACOS Function
• ACOSH Function
• ASIN Function
• ASINH Function
• ATAN Function
• ATAN2 Function
• ATANH Function
• CEILING Function
• COMBIN Function
• COS Function
• COSH Function
• DEGREES Function
• EVEN Function
• EXP Function
• FACT Function
• FLOOR Function
• INT Function
• LN Function
• LOG Function
• LOG10 Function
• MOD Function
• ODD Function
• PI Function
• POWER Function
• PRODUCT Function
• QUOTIENT Function
• RADIANS Function
• RAND Function
• ROUND Function
• ROUNDDOWN Function
• ROUNDUP Function
• SIGN Function
• SIN Function
• SINH Function
• SQRT Function
• SUM Function
• SUMIF Function
• SUMPRODUCT Function
• SUMSQ Function
• SUMX2MY2 Function
• SUMX2PY2 Function
• SUMXMY2 Function
• TAN Function
• TANH Function
• TRUNC Function


Statistics functions
Use these functions to analyze information through the use of many common statistical options.

• AVEDEV Function
• AVERAGE Function
• AVERAGEA Function
• BINOMDIST Function
• CHIDIST Function
• CHIINV Function
• CONFIDENCE Function
• CORREL Function
• COUNT Function
• COUNTA Function
• COUNTBLANK Function
• COUNTIF Function
• COVAR Function
• CRITBINOM Function
• DEVSQ Function
• EXPONDIST Function
• FDIST Function
• FINV Function
• FISHER Function
• FISHERINV Function
• FORECAST Function
• GAMMADIST Function
• GAMMAINV Function
• GAMMALN Function
• GEOMEAN Function
• HARMEAN Function
• HYPGEOMDIST Function
• INTERCEPT Function
• KURT Function
• LARGE Function
• LOGINV Function
• LOGNORMDIST Function
• MAX Function
• MAXA Function
• MEDIAN Function
• MIN Function
• MINA Function
• MODE Function
• NEGBINOMDIST Function
• NORMDIST Function
• NORMINV Function
• PEARSON Function
• PERCENTILE Function
• PERCENTRANK Function
• PERMUT Function
• POISSON Function
• PROB Function
• QUARTILE Function
• RANK Function
• RSQ Function
• SKEW Function
• SLOPE Function
• SMALL Function
• STANDARDIZE Function
• STDEV Function
• STDEVA Function
• STDEVP Function
• STDEVPA Function
• STEYX Function
• SUM Function
• SUMIF Function
• SUMPRODUCT Function
• SUMSQ Function
• SUMX2PY2 Function
• SUMXMY2 Function
• TRIMMEAN Function
• VAR Function
• VARA Function
• VARP Function
• VARPA Function
• WEIBULL Function
• ZTEST Function

System functions
Use these functions to work with variables specific to RSA Archer GRC and options to produce
dynamic results.

• CONTAINS Function
• CONTENTID Function
• GETGROUPS Function
• GETUSERS Function
• GROUP Function
• ISCORRECT Function
• ISEMPTY Function
• ISNUMBER Function
• MOSTRECENTVALUE Function
• NOVALUE Function
• OTHERTEXT Function
• REF Function
• SELECTEDVALUENUMBER Function
• TRACKINGID Function
• USER Function
• USERFIRSTNAME Function
• USERLASTNAME Function
• USERMIDDLENAME Function
• VALUEOF Function
• WEIGHTEDSCORE Function
• WEIGHTING Function

Text functions
Use these functions to utilize and manipulate text strings to produce dynamic values.

• CONCATENATE Function
• FIND Function
• LEFT Function
• LEN Function
• LOWER Function
• MASKEDTEXT Function
• NUMBERFORMAT Function
• PROPER Function
• RIGHT Function
• SUBSTRING Function
• TRIM Function
• UPPER Function

Operators
The formula builder also offers a library of operators divided into categories. By clicking a category,
you can see the operators that it contains along with a description of each operator.

Category             Operator

Arithmetic           Addition
                     Division
                     Exponentiation
                     Multiplication
                     Subtraction

Comparison           Equal To
                     Greater Than
                     Greater Than or Equal To
                     Less Than
                     Less Than or Equal To
                     Not Equal To

Text Concatenation   Concatenate

Note: If a field included in an addition, subtraction, multiplication, division or comparison operation
is empty or null, the value "0" (zero) is used for the field value. The following formula is an
exception to this rule:

IF([Sample Field] = 0, "TRUE","FALSE")

In this formula, the Sample Field is not populated with the value "0" if the field is empty or null.
Instead, this formula returns FALSE when the Sample Field is empty or null.

Recalculation Conditions
Calculated fields can be recalculated when a user is viewing or editing a record. To initiate an
immediate recalculation, a user must have update permissions to the record. When initiated from
either mode, only marked content is recalculated. Content changes may result in outstanding
calculations in a related level or application.
The recalculation can be initiated when content is changed, or for content that has a status of marked
for recalculation. All calculated fields are recalculated immediately within the current content. All
related content affected by the change is marked and queued for recalculations in an asynchronous
job. When save or apply updates calculated fields, and there are no other user changes, notifications
are not sent.
When marked content is calculated asynchronously, only the fields associated with the executed job
are calculated. Notifications are never sent. Notifications are only sent when a user saves a record.
Calculated fields are only recalculated based on changes made directly in a data feed, data import,
web API, or scheduled recalculation jobs.

More information about recalculations in calculated fields

• In addition to scheduled recalculations, field recalculations are performed for a record each time
  a user clicks Save or Apply for the record.

• Search does not trigger a recalculation of field values.

• Scheduled recalculations are written directly to the database and are not interpreted by the
  application as true “record save” events and are not captured in the History Log field.

• Scheduled recalculations do not trigger notifications.

• Field-value changes stemming from a scheduled recalculation are not reflected in the audit
  information displayed alongside a field.

• Each time that you create or edit a calculated field, the system searches for NOW and TODAY
  in all of the formulas of the application or sub-form. If the system can no longer locate either of
  these functions, any previously configured recalculation schedules are automatically disabled for
  the application or sub-form.

• Fields with the As Needed option selected for recalculations are only recalculated if the value
  will be changed.

• In multi-level applications, recalculation schedules are level-specific.
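
Because scheduled recalculations change stored values without a History Log entry, a notification, or updated audit information, a review of field changes has to separate those expected gaps from changes that the recalculation behavior does not explain. The following is an added example, not part of this guide and not RSA code, that reconciles two snapshots of record values against logged history entries; the snapshot and history structures, the field names, and the sample values are assumptions constructed for illustration.

```python
"""Reconcile two record snapshots against logged history entries.

Illustrative model only. Assumed shapes (not an Archer export or API format):
  snapshot: {record_id: {field_name: value}}
  history:  [(record_id, field_name, user), ...]  one entry per logged change
"""
from collections import Counter
from dataclasses import dataclass

MISSING = object()  # marks a field or record that is absent from a snapshot

# Constructed sample data. "Days Open" stands in for a formula that uses TODAY().
CALCULATED_FIELDS = {"Total Risk", "Days Open"}
SNAPSHOT_BEFORE = {
    101: {"Risk": 11, "Criticality": 7, "Total Risk": 18, "Days Open": 4, "Owner": "asmith"},
    102: {"Risk": 3, "Criticality": 2, "Total Risk": 5, "Days Open": 9, "Owner": "bjones"},
}
SNAPSHOT_AFTER = {
    101: {"Risk": 12, "Criticality": 7, "Total Risk": 19, "Days Open": 5, "Owner": "asmith"},
    102: {"Risk": 3, "Criticality": 2, "Total Risk": 5, "Days Open": 10, "Owner": "cdoe"},
}
HISTORY = [
    (101, "Risk", "asmith"),        # user edit, saved
    (101, "Total Risk", "asmith"),  # recalculated as part of that save
]


@dataclass(frozen=True)
class Finding:
    record_id: int
    field_name: str
    before: object
    after: object
    category: str  # "logged", "unlogged-calculated" or "unlogged-user-entered"


def diff_snapshots(before, after):
    """Yield (record_id, field_name, old, new) for every value that differs."""
    for record_id in sorted(set(before) | set(after)):
        old_rec = before.get(record_id, {})
        new_rec = after.get(record_id, {})
        for name in sorted(set(old_rec) | set(new_rec)):
            old = old_rec.get(name, MISSING)
            new = new_rec.get(name, MISSING)
            if old != new:
                yield record_id, name, old, new


def reconcile(before, after, history, calculated_fields):
    """Classify each observed change by whether a history entry accounts for it."""
    logged = {(record_id, name) for record_id, name, _user in history}
    findings = []
    for record_id, name, old, new in diff_snapshots(before, after):
        if (record_id, name) in logged:
            category = "logged"
        elif name in calculated_fields:
            # Consistent with a scheduled or asynchronous recalculation,
            # which is not captured as a record save.
            category = "unlogged-calculated"
        else:
            # A user-entered field changed with no history entry.
            category = "unlogged-user-entered"
        findings.append(Finding(record_id, name, old, new, category))
    return findings


def summarize(findings):
    """Return the number of findings per category."""
    return dict(Counter(f.category for f in findings))


def needs_review(findings):
    """Return only the changes that recalculation behavior does not explain."""
    return [f for f in findings if f.category == "unlogged-user-entered"]


if __name__ == "__main__":
    results = reconcile(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, HISTORY, CALCULATED_FIELDS)
    print(summarize(results))
    for finding in needs_review(results):
        print("review:", finding.record_id, finding.field_name,
              finding.before, "->", finding.after)
```

In the constructed data, the two unlogged "Days Open" changes match the scheduled-recalculation behavior, while the unlogged "Owner" change on record 102 is the one to follow up.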

Other conditions may also trigger a recalculation condition.

Trigger                    Description

Full Module Calculation    All fields for all content are queued for recalculation but are not marked.

Scheduled Recalculations   Content status remains unmarked and the calculation is updated by an
                           asynchronous job. Only the fields that are set to Always and formulas with
                           NOW( ) and TODAY( ) functions are recalculated.

Related Content            When a user, job engine, data feed, or Web API makes a change to a field
                           that affects changes in a related module, the following occurs:
                           • An asynchronous job is scheduled to recalculate all affected content one
                             level away of the related module, for example related record in current
                             application or cross-referenced application in related record.
                           • All affected content in the related module (one level away) is marked
                             for recalculation.


Recalculation and error handling rules

Rule             Description

Recalculation    Determines when a field is recalculated: As Needed or Always.
                 As Needed: Formulas are recalculated when a dependent field in the formula
                 changes.
                 Always: Formulas are recalculated every time content is saved even though a field
                 is not referenced in the formula. Formulas that contain NOW ( ) and TODAY ( )
                 functions, or user first name, last name, and middle name (Editor) parameters are
                 recalculated regardless of content change.

Error Handling   Determines what happens when a calculation error occurs. This rule has the
                 following options:
                 Display Error: The word Error is displayed as a link when a calculation error
                 occurs. Users with the appropriate access privileges can click the link to open the
                 Calculation Error page where the error is explained.
                 Use No Value: An empty value is saved in the field when a calculation error
                 occurs.
                 Use Specific: A specific value is saved in the field when a calculation error
                 occurs.

Recalculations in edit mode


When in edit mode, the Recalculate button is not available. The recalculation is initiated from the
Save button.
Example: Cross-referenced field updated

Scenario: Calculated field is [Total Risk] in Application A. [Risk] is a cross-referenced field.
  [Controls] is a level in the cross-reference multi-level application and [Severity Rating]
  is a field in the Controls data level.
  SUM(REF([Risk], [Severity Rating], [Controls]))

Action 1: User drills into [Severity Rating] in Application B.
  [Severity] = 12.
  User changes value of [Risk] to 11 and clicks Save.
  Content of [Total Risk] is ‘marked’ for recalculation.

Action 2: User with Read and Update permissions returns to Application A in Edit mode and
  clicks Save.

Action 3: User saves record in Application B.

Results: [Total Risk] is recalculated immediately, and the updated value is displayed.
  [Total Risk]=23

Example: Calculated field updated by data feed

Scenario: Application A has three fields: Risk, Criticality, and Severity. Rating is a related record
  in Application B.
  [Total Risk] is dependent on the value of [Criticality].
  SUM(REF([Risk], [Criticality]))
  [Severity] is dependent on [Rating].
  IF([Rating]=10, VALUEOF ([Severity],"High"),VALUEOF ([Severity], "Low"))

Action 1: User changes the value of Criticality in Application B and clicks Save.

Results: Related content in Application A is 'marked'.

Action 2: Data feed updates [Rating] in Application A to a value of 10. Severity is calculated
  upon content save initiated by the data feed.

Results: [Total Risk] is not recalculated.
  [Rating] is updated during the data feed.
  [Severity] is changed to High.

Action 3: User views records and clicks Recalculate.

Results: [Total Risk] is recalculated immediately.

Recalculations in view mode


When in View mode, a message is displayed stating that the content may not be current. The
Recalculate button is available.
Example: Cross-Referenced field updated

Scenario: Calculated field is [Total Risk] in Application A. [Risk] is a cross-referenced field.
  [Controls] is a level in the cross-reference multi-level application and [Severity Rating]
  is a field in the Controls data level.
  SUM(REF([Risk], [Severity Rating], [Controls]))

Action 1: User edits [Severity Rating] in Application B.
  [Severity] = 12.
  User changes value of [Risk] to 11 and clicks Save.
  Content of [Total Risk] is ‘marked’ for recalculation.

Action 2: User with Read and Update permissions returns to Application A in View mode and
  clicks Recalculate.

Action 3: User saves record in Application B.

Results: [Total Risk] is recalculated immediately, and the updated value is displayed.
  [Total Risk]=23

References in Formulas
Calculated fields can be applied in any application, questionnaire or sub-form. You can design the
formula of the field to reference fields that reside within the application, a sub-form embedded in the
application, or a related application. If you are creating a calculated field for a sub-form, you can
design the formula of the field to reference fields that reside in the sub-form or in a related
application.
Using the REF function you can reference fields in an application, fields in related applications or
questionnaires, fields in a parent or child level, and specific values from values list fields.

Field references in formulas


By referencing fields and field values in a calculated field formula, you can produce calculated
values that are based on other conditions within the application, questionnaire, or sub-form.

Example: Formula containing field references

IF(CONTAINS(ANY, [Location], VALUEOF("New York")),"Yes","No")


In individual records, this formula produces the value "Yes" or "No" in the calculated field
depending on whether the value "New York" is selected in the "Location" field. If the value "New
York" is selected, the calculated field returns the value "Yes." If the value "New York" is not
selected, the calculated field returns the value "No."

Field types that can be referenced in an application or questionnaire

• Cross-Reference
• Date (with or without time information)
• First Published Date (with or without time information)
• Last Updated Date (with or without time information)
• Multiple Reference Display Control
• Numeric
• Record Permissions
• Record Status
• Related Records
• Scheduler
• Sub-Form
• Text
• Tracking ID
• User/Groups List
• Values List

Field types that can be referenced in a sub-form

• Cross-Reference
• Date (with or without time information)
• First Published Date (with or without time information)
• Last Updated Date (with or without time information)
• Multiple Reference Display Control
• Numeric
• Record Status
• Related Records
• Text
• Tracking ID
• Values List

Example: Calculations with dependent fields in the same level

Scenario: Application has two fields Risk and Criticality.
  [Total Risk] is a calculated field dependent on the value of [Criticality]
  SUM([Risk], [Criticality])

Action 1: User changes the value of Criticality and clicks Save.
  Where [Risk] = 12 and [Criticality] = 7

Results: [Risk] is calculated immediately, and the updated value is displayed.
  [Risk]=19

Cross-Application references in formulas


When you create a calculated field in an application, questionnaire, or sub-form, you can reference
fields residing in related applications or questionnaires, enabling you to perform cross-application
calculations. The Available Fields list in the formula builder will display all fields that are available
for reference in your formula, including cross-reference and related records fields. By expanding a
cross-reference or related records field in the formula builder, as shown in the following figure, you
can select fields from the related component for reference in your formula.

When you reference a field from a related application or questionnaire in a formula, the field
reference displays as follows: REF([Cross-Reference Field Name], [Field Name]).

Example: Formula that references a field from a related application

IF(CONTAINS(REF([Risk Assessments], [Overall Risk Exposure]),VALUEOF("High")),"No","Yes")

This formula will examine the Overall Risk Exposure field in the Risk Assessments cross-reference
field for the value "High." If the value is found, the calculated field is populated with the value
"No." Otherwise, the field is populated with the value "Yes."


Referencing leveled applications

The calculation engine also allows you to reference fields from leveled applications. When you
reference a field from a related leveled application in a formula, the field reference displays as
follows: REF([Cross-Reference Field Name], [Field Name], [Data Level Name]).

Example: Formula that references a field from a related leveled application:

AVERAGE(REF([Response Measures], [Severity Rating], [Responses]))


This formula averages the values of the Severity Rating field for related records within the
Responses data level of the related application. If there are three records related to the parent
record, with values of "2", "9" and "4" in the Severity Rating field within the Responses data level,
this calculation returns a value of "5".

Referencing sets of values

Reference fields are particularly handy for calculations that require a set of values, rather than a
single value, as input. In this case, you would reference a cross-reference field that points to a field
that contains several values as input. For example, the LARGE function returns the k-th largest
value in a data set. The syntax, LARGE(values,k), requires a set of values as input.
Example: Formula using a REF statement that points to a cross reference field:
LARGE(REF([Data Set],[Values]),3)
In this example, Data Set is a cross-reference field and the records in the Values field are 3, 5, 3, 5,
4, 4, 2, 4, 6 and 7. This calculation returns the third largest value in the data set provided, which is 5.

Example: Cross-Referenced field updated by user

Scenario: Calculated field is [Total Risk] in Application A. [Risk] is a cross-referenced field.
  [Controls] is a level in the cross-reference multi-level application and [Severity Rating]
  is a field in the Controls data level.
  SUM(REF([Risk], [Severity Rating], [Controls]))

Action 1: User drills into [Severity Rating] in Application B.
  [Severity] = 12.
  User changes value of [Risk] to 11 and clicks Save.
  Content of [Total Risk] is ‘marked’ for recalculation.

Action 2: User with Read and Update permissions returns to Application A in Edit mode and
  clicks Save.

Action 3: User saves record in Application B.

Results: [Total Risk] is recalculated immediately, and the updated value is displayed.
  [Total Risk]=23

Cross-Level references in formulas


When you create a calculated field in a leveled application, you can reference fields in a parent or
child level using the REF function.
AVERAGE(REF([Vendors], [Assessments], [Risk Rating]))
This formula, created for a calculated field in the parent Vendors level of a two-level application,
references the Risk Rating field in the child Assessments level. The formula produces a numeric
value showing the average Risk Rating in all Assessment records associated with a parent-level
Vendors record.

Values list value references in formulas


When creating a calculated field in an application or sub-form, you can reference specific values
from values list fields within your formula. RSA Archer GRC dynamically maintains these
field-value references, meaning that if you modify a value within a values list and that value has
been referenced in a formula, RSA Archer GRC automatically updates the value within the formula so
it remains a valid field-value reference. For example, if you change the value "Important" to
"Urgent" within your global or field-specific values list, any formula that references the value
"Important" updates to reference the value "Urgent" instead.

Formula using the VALUEOF function

To reference a values list value in a formula, use the VALUEOF function and surround the value
name in quotes.
IF(CONTAINS(EXACT, VALUEOF([Risk Rating], "High")),"Yes","No")


This formula examines the Risk Rating field, which is a values list field, for the presence of the
value "High." If the formula finds this value, it populates the calculated field with "Yes." If not, it
populates with "No."
In addition to monitoring a values list field for the presence of a specific value, the VALUEOF
function enables you to set a values list field selection dynamically based on other conditions within
the record.
Example: Dependent on value in a values list

Formula: IF(CONTAINS(ANY, [Location], VALUEOF([Location], "New York")), VALUEOF([Area],"Local"),
  VALUEOF([Area],"Global"))

Results: This formula evaluates the Location field for the presence of the value New York.
  If the value is present and selected, the value Local is selected in the calculated Values
  List field.
  If the value New York is not found, the calculated field is populated with the value
  Global.

Formula for a calculated values list field

IF(CONTAINS(ANY, [Location], VALUEOF([Location], "New York")), "Local", "Global")


This formula examines the Location field for the presence of the value "New York." If the value is
present and selected, the value "Local" is selected in the calculated Values List field. If the value
"New York" is not found, the calculated field is populated with the value "Global."

If the values list values that you want to reference in a calculated field formula have associated
numeric values, you can reference those numeric values using the SELECTEDVALUENUMBER
function. For example, you have an Affected Departments field with the values "Accounting," "IT"
and "Sales," and those text values have been assigned the numeric values 10, 8 and 6, respectively.

Formula using the SELECTEDVALUENUMBER function

AVERAGE(SELECTEDVALUENUMBER([Affected Departments]))
If the values "Accounting" AND "IT" have been selected in the Affected Departments field, this
formula would populate the calculated field with the value "9."
Example: Average of numeric values in selected field

Scenario: The Affected Departments field has the values Accounting, IT, and Sales and those
text values are assigned the numeric values 10, 8, and 6, respectively.

Formula: AVERAGE(SELECTEDVALUENUMBER([Affected Departments]))

Results: If the values Accounting and IT are selected in the Affected Departments field, this
formula populates the calculated field with the value 9.

Setting the Execution Order for Multiple Calculated Fields


If you are working with an application, a questionnaire, or a sub-form that contains multiple
calculated fields and the formula for one calculated field is dependent on the result of another
calculated field, you must specify the order in which you want to compute the calculated fields.

Note: When you add a new calculated field to an application, a questionnaire, or a sub-form, it
displays at the bottom of the list in the Field Calculation Order listing.

Set the execution order for multiple calculated fields

1. Go to the Calculations tab of the application, questionnaire, or sub-form that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Calculations tab.

2. Go to the Field Calculation Order section.

3. Drag and drop each field name into the Formula section until all the fields are in the calculation
order you want.

4. Click Save.

Troubleshooting Tips for Calculations


When working with formulas you may encounter error messages.

Common mistakes
Syntax errors cause many of the common mistakes. The formula syntax changed from version 4.x to
5.x.
The following list includes common mistakes that occur when using the DATE, ROUND, STRING,
and VALUEOF functions.

DATE: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer GRC database.
As a result, dates and times in calculations are returned in GMT.
Dates and times are converted to the locale of the user when the date or time is displayed in a
field. For example, the locale is Central Time and the date entered in a Date field called Due Date
is 8/3/2012 9:00 PM. The date and time stored in the database is 8/4/2012 2:00 AM. Any user viewing
this record sees this field in the user's own time zone, for example, EST 8/3/2012 10:00 PM.
When manipulating date and time and displaying them in a field type other than a Date field, dates
and times are displayed in GMT. For example, a calculated text field with the formula
DATEFORMAT([Due Date], "YYYY-MM-DD HH-MM AM") referencing the Due Date from the example above
returns 08-04-2012 2:00 AM.
A numeric calculated field with the formula DAY([Due Date]) returns 4.

ROUND: Rounds a number to a specified number of digits. When the number to the right of the decimal
point is 5 or greater, the number is rounded up to the nearest integer.
If the num_digits parameter is greater than 0 (zero), the number is rounded to the specified number
of decimal places. If the num_digits parameter is equal to 0, the number is rounded to the nearest
integer. If the num_digits parameter is less than 0, the number is rounded to the left of the
decimal point to the specified number of decimal places.
For example, if the num_digits parameter is -1 and the number is 101.5, the number is rounded to
100.

STRING: When using string manipulations, consider the data that is stored in the field. For
example, a Text Area field named Description contains <strong>Hello</strong>, and the formula is
LEN([Description]). Although the user only sees Hello, the calculation result is 22, which is the
total number of characters in the string.

VALUEOF: A common misconception about the VALUEOF function is that it returns true or false
depending on whether the referenced value is selected in the referenced field. Often a formula is
written as IF(VALUEOF([Color], "Blue"), 1, 0) and should be written as
IF([Color] = VALUEOF([Color], "Blue"), 1, 0).
The only purpose of the VALUEOF function is to make a formula resilient to value changes in a
Values List. If the text of a value is changed in a custom or global values list by an
administrator, this function automatically updates the formula to use the new text for the value.
For example, if the value "Blue" is referenced in a formula with the VALUEOF function, and that
value is subsequently changed to "Red" in the values list, the value reference of "Blue" is
automatically changed to "Red" in the formula.

Common error messages


The following are common scenarios that may cause formula calculations to fail:

Invalid value

Formula: DATEDIF([Open Date],[Due Date],HOUR)

Error: Value is not a valid number: B2 Parameter name: serialDate

Cause: One of the date fields does not have data.

Resolution: Use the ISEMPTY function to check for empty dates and to avoid calculating against
an empty date.

Multiple values

Formula: DATEDIF([First Published],REF([Incidents],[Open Date]),HOUR)

Error: A parameter "!2!A1:A2" expected to be a single value was multiple values.
Parameter name: !2!A1:A2

Cause: DATEDIF expects only one value, and this record relates to multiple incidents.

Resolution: Use an interim function to generate one value for the second parameter, for example,
MAX.

Divide by zero

Formula: 1 + 10/[Value]

Error: A calculation within the formula returned the non-numeric value infinity.

Cause: The value is 0.

Resolution: Use zero checks to avoid dividing by zero.

Reference outside logical expression

Formula: IF(VALUEOF([Risk],"Medium"), "true", "false")

Error: _invalid expression

Cause: Using the VALUEOF function without an equality operation.

Resolution: Write the formula as follows:

IF([Risk]=VALUEOF([Risk],"Medium"),"true","false")

Reference to more characters than exist

Formula: SUBSTRING([Description],1,10)

Error: Index and length must refer to a location within the string. Parameter name: length

Cause: The Description field contains fewer than the specified number of characters. In this case,
the Description field has fewer than 10 characters.

Resolution: Use the LEFT or RIGHT function instead, or use these functions in combination with
LEN to avoid reading past the end of a string.

Deciphering error messages


The calculation engine stores data in cells or ranges much like an Excel spreadsheet. These
references are not visible to a user, making it more difficult to decipher error messages. The
calculation engine stores dates as numbers in cells.
For example, a formula that compares two dates might look like:

Using the formula as an example, the Open Date might be stored in B2 and the Due Date stored in
B3.
An error message for this formula might look like:

In this example, B3 is the parameter cell for Due Date and DATEDIF is expecting a valid serial
date.

Dependencies resolution
One of the most powerful facets of working with calculations is the ability to reference one or more
calculated fields in another calculated field formula.
For example, a final score value might be computed by summing the values of several calculated
section score fields.
In this example, there are inherent calculation dependencies. Each of the section score values must
be computed before the final score can be computed. You can specify the order in which
calculations are performed. After the field calculation order is established for an application, field
dependencies simply manage themselves.

Circular references
Circular references are sometimes difficult to detect. Circular references are caused by formulas
that form either a direct or indirect loop.
• A direct loop is formed when a series of field references form a closed circuit.

• An indirect loop can sometimes result when a series of field references includes a reference to a
field that is set to Always recalculate.

RSA Archer GRC does not allow formulas that might result in circular references. Whenever a
possible circular reference condition exists, a validation message is displayed.
Validation messages help reconcile circular references. The validation message includes the field
name and module name of both the field and the field that it references. The following
example shows a validation message:

| Field | Module | Level | Calc Always | Depend All |
|---|---|---|---|---|
| {fieldref01} | {modulename01} | {levelname01} | No | No |
| {fieldref02} | {modulename02} | {levelname02} | No | No |
| {fieldref01} | {modulename01} | {levelname01} | No | No |

The Calc Always column contains the value of the Always Recalculate flag set at the calculated
field. The Depend All column contains the value set by RSA Archer GRC for a questionnaire that
has questions dependent on any calculated field.
To see the circular reference details, validate the calculation in the formula builder.
Using the fields from two different applications that reference each other, the validation message for
this condition might look like this:

| Field | Module | Level | Calc Always | Depend All |
|---|---|---|---|---|
| {Rating} | {Risk Management} | {levelname01} | No | No |
| {Controls} | {Policy Management} | {levelname02} | No | No |
| {Rating} | {Risk Management} | {levelname01} | No | No |

Example: Always recalculate

When the Always flag is set on a calculated field, the field recalculates every time a record is
saved. The formula indirectly results in a circular calculation that cannot be resolved. A validation
error is reported when this condition exists.

The following figure shows an indirect loop caused by a circular reference. This condition results in
a circular reference because Rating is indirectly dependent on Criticality. Because Rating is set to
Recalculate Always, it calculates every time that Criticality calculates.

Attempt to save Formula 3. A circular reference is detected, and a validation message is displayed
that may read like the following:
"Circular Calculation Detected: The following displays the path of the circle:"

| Field | Module | Level | Calc Always | Depend All |
|---|---|---|---|---|
| {Criticality} | {Risk Management} | {levelname01} | Yes | No |
| {Controls} | {Policy Management} | {levelname02} | No | No |
| {Rating} | {Risk Management} | {levelname01} | Yes | No |
| {Criticality} | {Risk Management} | {levelname01} | Yes | No |

Example: Circular reference with multiple formulas

This example shows a circular reference containing three formulas in three different applications,
where each formula references a field in a cross-referenced application.

Formula 1: (Field 1 in Application A references Field 2 in Application B)


Field 1 recalculates on every save

Formula 2: (Field 2 in Application B references Field 3 in Application C)

Formula 3: (Field 3 in Application C references Field 1 in Application A)

In this example, the circular reference is created by Field 3 referencing Field 1.


Attempt to save Formula 1. A circular reference is detected, and a validation message is displayed
that may read like the following:
"Circular Calculation Detected: The following displays the path of the circle:"

| Field | Module | Level | Calc Always | Depend All |
|---|---|---|---|---|
| {Rating} | {Vendor Management} | {levelname01} | No | No |
| {Controls} | {Policy Management} | {levelname02} | No | No |
| {Criticality} | {Risk Management} | {levelname01} | No | No |
| {Rating} | {Vendor Management} | {levelname01} | No | No |
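
The dependency ordering and circle path described above can be modelled as a depth-first walk over field references. This is an added example, not RSA Archer GRC code: the CalcField class, the function names, and the "Assessments" module are assumptions made for illustration, and the field data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CalcField:
    """One calculated field; `references` holds (module, field) keys its formula reads."""
    name: str
    module: str
    calc_always: bool = False
    references: tuple = ()

    @property
    def key(self):
        return (self.module, self.name)


class CircularCalculation(Exception):
    """Carries the path of the circle, with the first field repeated at the end."""
    def __init__(self, path):
        self.path = path
        super().__init__("Circular Calculation Detected: "
                         + " -> ".join(f.name for f in path))


def calculation_order(fields):
    """Order fields so that every referenced calculated field is computed first.

    A field met again while it is still on the walk's stack closes a loop;
    the slice of the stack from that field onward is the path of the circle.
    """
    by_key = {f.key: f for f in fields}
    done, stack, order = set(), [], []

    def visit(f):
        if f.key in done:
            return
        if f in stack:
            raise CircularCalculation(stack[stack.index(f):] + [f])
        stack.append(f)
        for ref in f.references:
            dep = by_key.get(ref)
            if dep is not None:      # non-calculated fields impose no ordering
                visit(dep)
        stack.pop()
        done.add(f.key)
        order.append(f)

    for f in fields:
        visit(f)
    return order


def find_circle(fields):
    """Return the circle as (field, module, calc_always) rows, or None if there is none."""
    try:
        calculation_order(fields)
    except CircularCalculation as exc:
        return [(f.name, f.module, "Yes" if f.calc_always else "No") for f in exc.path]
    return None


# Constructed sample 1: section scores feeding a final score (no loop).
SCORES = [
    CalcField("Final Score", "Assessments",
              references=(("Assessments", "Section 1 Score"),
                          ("Assessments", "Section 2 Score"))),
    CalcField("Section 1 Score", "Assessments"),
    CalcField("Section 2 Score", "Assessments"),
]

# Constructed sample 2: the three-application loop from the example above.
LOOP = [
    CalcField("Rating", "Vendor Management",
              references=(("Policy Management", "Controls"),)),
    CalcField("Controls", "Policy Management",
              references=(("Risk Management", "Criticality"),)),
    CalcField("Criticality", "Risk Management",
              references=(("Vendor Management", "Rating"),)),
]

if __name__ == "__main__":
    print([f.name for f in calculation_order(SCORES)])
    for row in find_circle(LOOP):
        print("{:<12} {:<18} {}".format(*row))
```

The model treats every field reference as a directed edge and reports the Calc Always flag alongside each row of the path; it does not reproduce how the platform itself evaluates the Always recalculate setting.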

Example: Direct-Loop circular reference

Cross-Reference Field
The Cross-Reference field type enables you to create associations between records in the same
application (internal references) or records in one or more different applications (external
references).
• When you create a cross-reference field that forms an external relationship with another
application, a related-records field is automatically added to the related application. The
related-record field provides a mirror image of the cross-reference field. In an individual record
of the related application, you can see all records that are cross-referenced to that record.

• When you create an association between records in the same application, a related-record field is
automatically created in the application.

• When you create a cross-reference field that references a leveled application, you have the option
to reference one level or all levels of that application. If you select one level, the Display Fields,
Filters, and Sorting controls contain only the fields from the selected level.

• When users select record references through a cross-reference field, a Record Lookup page is
displayed that enables them to select records from a list or to search for specific records in the
related application by a keyword search. You can also create dynamic filters so that users only
see records that are relevant to them in a record look-up.

Example: Associating records

• If you have a cross-reference field configured to create internal references in a Trouble Tickets
application, you can associate one ticket to other related tickets.

• If you have a cross-reference field in a Violations application that is configured to create external
references to an Investigators application, you can select investigators for individual violation
records by selecting those investigators through the cross-reference field.

Example: Related record relationship to cross-referenced fields


When you have a cross-reference field in a Violations application that is related to an Investigators
application, users can select investigators for individual violation records through the cross reference
field. When users access a record in the Investigators application, they can view all violation
records that have been cross-referenced to that particular investigator in the related-records field.

Validation rules for cross-reference and related records fields


When validating the new rules for the related record, RSA Archer GRC only validates records that
were added to or removed from the reference field of the original relationship. For example, a user
in Application A creates a cross-reference field, and then removes related record B1 in Application
B. The only record that is validated is B1, because it changed.

Minimum Selections (rule for a reference related field): Validates that the removed or added
relationships do not violate the Minimum Selections rule for the related record when both of the
following apply:
• The user attempts to save a record with a reference field change.
• A Minimum Selections rule is enabled for the reference field in the related application.

Example

Scenario: A user creates a Cross-Reference field in Application A.
The user sets the value in the Minimum Selections field to 2 for the associated Related Record in
Application B.
Record B1 has two references and is related to Record A1 and Record A2.
The user edits Record A1 and attempts to remove Record B1 from the Cross-Reference field.

Results: When the user attempts to save Record A1, a message is displayed, indicating that the
Minimum Selections rule for B1 is violated. The violation occurs because the removal of Record A1
causes the number of records to fall below the Minimum Selections value of 2.

Maximum Selections (rule for a reference related field): Validates that the removed or added
relationships do not violate the Maximum Selections rule for the related record when both of the
following apply:
• The user attempts to save a record with a reference field change.
• A Maximum Selections rule is enabled for the reference field in the related application.

Example

Scenario: A user creates a Cross-Reference field in Application A.
The user sets the value in the Maximum Selections field to 2 for the associated Related Record
field in Application B.
Record B1 has two references and is related to Record A1 and Record A2.
The user edits a third record, A3, and adds Record B1 to the Cross-Reference field.

Results: When the user attempts to save Record A3, a message is displayed, indicating that the
Maximum Selections rule for B1 is violated. The violation occurs because adding Record A3 causes
the number of records to exceed the Maximum Selections value of 2.

Required (rule for a reference-related field): This rule validates that the removed relationships
do not violate the Required rule for the related record when both of the following apply:
• The user attempts to save a record with a reference field change.
• A Required rule is enabled for the reference field in the related application.

Example

Scenario: A user creates Application A with a cross-reference.
The user sets the associated Related Record field in Application B to Required.
Record B1 is related to Record A1.
The user edits Record A1 and removes Record B1 from the cross-reference.

Results: When the user attempts to save Record A1, a message is displayed, indicating that the
Required rule for Record B1 is violated. The violation occurs because the removal of Record A1
causes the field (which is required) to have no data.
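
The three rules above, and the point that only related records added or removed by the save are validated, can be worked through in code. This is an added example, not RSA Archer GRC code: the RelatedFieldRules class, validate_save function, and the data layout are assumptions made for illustration, and the record data is constructed from the scenarios above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RelatedFieldRules:
    """Rules set on the related-records field in the related application (hypothetical model)."""
    minimum: Optional[int] = None
    maximum: Optional[int] = None
    required: bool = False


def validate_save(record, selected, links, rules):
    """Check the related records touched by saving `record`.

    record   -- record being saved, for example "A1"
    selected -- related records in its cross-reference field after the edit
    links    -- current state: related record -> set of records referencing it
    Returns a list of (related_record, violated_rule) tuples.
    """
    before = {rel for rel, sources in links.items() if record in sources}
    changed = before ^ set(selected)     # added or removed by this save only
    violations = []
    for rel in sorted(changed):
        # Number of references the related record would hold once the save commits.
        others = links.get(rel, set()) - {record}
        count = len(others) + (1 if rel in selected else 0)
        if rules.required and count == 0:
            violations.append((rel, "Required"))
        if rules.minimum is not None and count < rules.minimum:
            violations.append((rel, "Minimum Selections"))
        if rules.maximum is not None and count > rules.maximum:
            violations.append((rel, "Maximum Selections"))
    return violations


def scenarios():
    """Run the three scenarios above plus one save that changes no relationship."""
    b1_two_refs = {"B1": {"A1", "A2"}}
    return {
        # A1 removes B1: B1 drops from 2 references to 1, below the minimum of 2.
        "minimum": validate_save("A1", set(), b1_two_refs, RelatedFieldRules(minimum=2)),
        # A3 adds B1: B1 rises from 2 references to 3, above the maximum of 2.
        "maximum": validate_save("A3", {"B1"}, b1_two_refs, RelatedFieldRules(maximum=2)),
        # A1 removes B1: the required field on B1 is left with no data.
        "required": validate_save("A1", set(), {"B1": {"A1"}},
                                  RelatedFieldRules(required=True)),
        # B2 already has one reference, but this save neither adds nor removes it,
        # so it is not validated.
        "untouched": validate_save("A1", {"B1", "B2"},
                                   {"B1": {"A1", "A2"}, "B2": {"A1"}},
                                   RelatedFieldRules(minimum=2)),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```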

Adding Cross-Reference Fields


Use cross-reference fields to create associations between records in the same application (internal
references) or records in one or more different applications (external references).

Add a cross-reference field

1. Go to the Fields tab of the application to which you want to add a cross-reference field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

• To add a new field, click Create a new Field from scratch and click Cross Reference from
the Advanced Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the
cross-reference field you want to copy.

4. Click OK.

5. In the General Information section, complete the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select a display option.

Display Control options

Grid: Displays multiple fields of data from the referenced record spanning the width of
the page in a table format (Grid) or in a single-column format. The attachment
information displays as a resizable grid control that displays the name, size and file
type for each file. When you select the Grid option, users with appropriate access
can view the Download History report. This report provides a summary of the
download history of a document including the user, email address, and download
date. Users can upload files by clicking Add New.

Single Column: Displays a single column with links to the attachment files.

8. In the Options section, select the applicable options:

Options

Required Field: Designates the field as required and forces users to enter a value when adding or
editing a record in the application. Required fields are indicated with an icon
(selected in the Appearance feature) to alert users that they must enter a value.
If this checkbox is not selected, users can skip this field when adding or editing a
record in the application.

Auditing Information: Displays auditing information next to the field each time that its value is
changed. The auditing information includes only the name of the user who made
the change and the date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user interface.

Search Results: Makes this field available for display in search results. If this checkbox is not
selected, this field is not included in search results and its values cannot be
referenced in search filters.

Search Default Field: Includes the field by default in search results for the application. This
option does not prevent users from removing the field from the Search Results page. Users
can click Modify in the toolbar and remove the field from the Fields to Display
section of the application Search Records page.

Enable Inline Edit: Allows the field to be editable in search results and reports.

Enable Editable Grid Display: Determines whether a display is editable in a grid that has inline
edit enabled.

Lookup: Specifies whether users can access a Record Lookup page for selecting records
from the related application. Clear this checkbox if you only want to allow users
to create new records for cross-referencing. You must select this checkbox if
you want the cross-reference field to be available for selection in an MRDC field
or are creating a dynamic filter.

Add New: Determines whether the Add New link is displayed in a grid for allowing users to
add new records to the related applications from a record in view mode. Users
will not have to open a record in edit mode to create new related records. If a
user does not have rights to create records in the related application, the link is
not displayed for that user.
When a user creates a new related record from view mode, that record will be
selected in the cross-reference field just as it would if it were created from edit
mode. For example, if a user opens a Vendor record in View mode and creates a
record in the related Audits application by clicking Add New in the
cross-reference field, that new Audit record will be selected in the cross-reference
field of the Vendor record, even though the user did not open the Vendor record
for editing.

Tree Display: Determines whether the related records in a leveled application for
cross-referenced records are displayed in a hierarchical format for a single-column
display. The following figure shows top-level record references flush with the
left margin of the field, and record references in subsequent data levels indented.
When records with the cross-reference field are exported in CSV format, the
Tree Display option is disabled to allow the data to be re-imported into the
application. All other data export formats preserve the cross-reference tree
display for the field.

Disable Remove: Disables the Remove button for records displayed in this field.

9. In the Record Lookup Configuration section, specify the rules for finding the related records of
the cross-reference field.

Record Lookup Configuration options

Display Fields: Specifies the fields of data from the relationship application that are displayed
on the Record Lookup page for users when they select related records in the
Cross-Reference field.
Use to select the fields that you want to display from the Available list.
Use the below the Selected list to arrange the fields. The top-to-bottom order of
fields in the Selected list will be the left-to-right order of fields in the Record
Lookup page.
Note: If the relationship application is a leveled application, and you select fields
from two or more levels to be displayed in the Cross-Reference field, you can only
arrange those fields on a level-by-level basis. You cannot intermix fields from
separate data levels.

Filters: Determines the filtering criteria for selecting records for display on the Record
Lookup page.

Sorting: Specifies the fields by which cross-referenced records are sorted in the Record
Lookup page.
For example, in an "Investigators" Cross-Reference field, you can sort the display
of referenced records alphabetically by investigator name.

Display Format: Determines how the cross-referenced records are displayed on the Record Lookup
page:
• Column-Hierarchical. Presents the records in a columnar layout where fields are
displayed across the page from left to right, and the field values are presented
showing relationships.
• Column-Flat. Presents the records in a simple columnar layout without any
grouping of values.

10. In the Grid Display Properties section, select the fields displayed in the record look-up for the
cross-reference field.

Grid Display options

Display Fields: Specifies the fields of data from the relationship application that are displayed
on the Record Lookup page for users when they select related records in the
Cross-Reference field.
Use to select the fields that you want to display from the Available list.
Use the below the Selected list to arrange the fields. The top-to-bottom order of
fields in the Selected list will be the left-to-right order of fields in the Record
Lookup page.
If the relationship application is a leveled application, and you select fields from
two or more levels to be displayed in the Cross-Reference field, you can only
arrange those fields on a level-by-level basis. You cannot intermix fields from
separate data levels.

Filters: Determines the filtering criteria for selecting records for display on the Record
Lookup page.

Sorting: Specifies the fields by which cross-referenced records are sorted in the Record
Lookup page.
For example, in an "Investigators" Cross-Reference field, you can sort the display
of referenced records alphabetically by investigator name.

Display Format: Determines how the cross-referenced records are displayed on the Record Lookup
page:
• Column-Hierarchical. Presents the records in a columnar layout where fields are
displayed across the page from left to right, and the field values are presented
showing relationships.
• Column-Flat. Presents the records in a simple columnar layout without any
grouping of values.

11. In the Configuration section, specify the range of selections a user can make.

Configuration options

Field Height: For Single Column option: Specifies the height of the field in a single-column
display. This setting impacts the display of the field only when users add or edit
records in the application. For example, if you set the field height to three lines,
and a user makes four selections in the field, a scroll bar is displayed.

Minimum Selections: Specifies the minimum number of selections (from none to 20 selections) that a
user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display
control.

Maximum Selections: Specifies the maximum number of selections (from none to 20 selections) that a
user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display
control.

Default Records Display: Determines the number of cross-referenced records that display in the grid
and is only available when the display control is set to Grid. If this option is selected,
only the first designated number of records are displayed. For example, when this
option is set to 10, only the first 10 records display in the grid. If the number of
records exceeds the default display number, a View All link is displayed. A user
can click this link to view all of the associated records.

12. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Dynamic Filters for Cross-Reference Fields


Dynamic filters limit what users see while working with records. These filters are created by an RSA
Archer GRC administrator to enable users to find records with cross-referenced content. A dynamic
filter can be one or more fields in the current application and a cross-referenced application.
• Dynamic filters combine single-select and advanced operator logic to pinpoint the exact record
that the user sees in a Record Lookup.

• Dynamic filters can be applied using inline edit fields.

• Dynamic filters in inline edit fields are built off of values committed in the database.

Dynamic filter requirements

• Users must have permission to all related applications and fields.

• Both applications must have the same field type that will be used in the dynamic filter.

• A Cross-Reference field must exist in one of the applications.

• A Values List field used as the compare filter must be a global values list and exist in all
applicable applications.

Example: Dynamically filtered records

Scenario: A user for Vendor Management wants to update a record for any high priority incidents
that were documented for an engagement during the month of August.

Action 1: The administrator must first create the dynamic filter in the Cross-Reference Field of
one of the applications.
All applications must contain the same field types that will be used for dynamic
filtering. If the dynamic filter is a values list, the Values List field must be a global
values list that is referenced in both applications.

Action 2: The user runs a record lookup in the Vendor Management solution.

Results: Only the relevant records that are dynamically filtered are shown in the record lookup
results for that user.

High-level view of the configuration of a dynamic filter

When a user works with cross-reference or related records in a module that has a dynamic filter,
users see only the records relevant to them.

Rules for creating dynamic filters


When creating dynamic filters for cross-referenced applications, the following conditions must
apply:

| | Supported Field Type | Operator: Field Value Match | Operator: Field Value Does Not Match | Operator: Field Value Contains | Operator: Field Value Does Not Contain | Special Conditions |
|---|---|---|---|---|---|---|
| Basic | Date | Yes | Yes | No | No | Must not include time. |
| | IP Address | Yes | Yes | No | No | Must both be IPv4 or IPv6. Both IP addresses must be the same type. |
| | Numeric | Yes | Yes | No | No | |
| | Text | Yes | Yes | Yes | Yes | Do not use with Text Area fields. |
| | User/Groups List | Yes | Yes | Yes | Yes | |
| | Values List | Yes | Yes | Yes | Yes | Must reference the same global values list. |
| Advanced | Cross-Reference | Yes | Yes | Yes | Yes | Must reference a common level in the same application. |
| | Related Records | Yes | Yes | Yes | Yes | Must reference a common level in the same module. |
| | Matrix | Yes | Yes | Yes | Yes | Must reference same column values list and same row values list. |
| | Record Permissions | Yes | Yes | Yes | Yes | |

Creating Dynamic Filters for Cross-Reference Fields


Create dynamic filters to show only the records to which a user has permissions. For example, you
can limit the number of items from which a user can choose, by showing the user only the items that
are applicable to that user.

Create a dynamic filter

1. Go to the Options tab of the cross-reference field to which you want to add the dynamic filter.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select an application or questionnaire.

d. Click the Fields tab, and select the cross-reference field.

2. Click the Options tab.

3. In the Record Lookup Configuration section, enter the filtering criteria for the dynamic filter.
Each row represents one set of filter criteria.

| Option | Description |
|---|---|
| Field to Evaluate | Specifies values to create a condition by selecting the field to evaluate. |
| Operator | Provides the filter that evaluates the field in the creation of a condition. The available operators depend on the type of field selected in Field to Evaluate. |
| Value(s) | Opens the Record Lookup, which enables users to choose which value or values to add to the condition. |
| Relationship | Connects two or more conditions together. If you add more than one condition, you can apply advanced logic to your search criteria. |
| Actions | Removes all data inputted when is clicked. |
| Advanced Operator Logic | Forms relationships between two or more conditions. |

4. (Optional) Do one or more of the following:

- To add another filter, repeat step 3.

- To add another line, click Add New and repeat step 3.

- To add Advanced Operator Logic, enter the expression in the space provided.

5. Click Save.

Related Records Field


When you create a cross-reference field that forms an external relationship with another application,
a related records field is automatically added to the related application. Likewise, if you create a
cross-reference field that forms an internal application relationship, a related records field is
automatically created in the application that has the cross-reference field.
The related records field is a mirror image of the cross-reference field, meaning that it allows you to
see all of the records that have been cross-referenced to a particular record.
For example, you have a cross-reference field in a Trouble Tickets application that references
records in a Technicians application. In the Trouble Tickets record, users can assign one or more
technicians through the Technicians cross-reference field. Users can then open any technicians
record, and through the related records field, see each trouble ticket record assigned to a technician.

Note: If you create a cross-reference field that forms an external relationship with a leveled
application, you have the option to reference a specific level or to reference all levels. If you
reference a specific level, a related records field is created at the data level specified. If you
reference all levels, a related records field is created at each data level in the related application. In
the case that more data levels are subsequently created in the leveled application, a related records
field is added to each new level.

You cannot add a related records field in an application, questionnaire, or sub-form. Instead, it is
automatically added when the application, questionnaire, or sub-form is selected for reference
through a cross-reference field. When a related records field is added, it is listed in the Available
Fields list on the Layout tab. As an application owner, you must move the related records field into
the application layout before it is displayed to end users. You can also rename the field and select
fields from the related application, questionnaire, or sub-form whose values you want to display in
the related records field.

Note: If a related records field is configured to display in the layout and a user does not have access
to records in the related application, questionnaire, or sub-form, the related records field is not
displayed for that user.

Users that have create permissions in the related application can add new records in that application
from the related records field. The cross-reference field value in the newly created record defaults
to the record where the user added it. Using the previous example, a user creates a new trouble
tickets record from the "Gloria Young" technicians record. The "Gloria Young" record is selected by
default in the Technicians cross-reference field in the new trouble tickets record.


If the Lookup feature is enabled for a related records field, users who have read permissions in the
related application can select records from a list or run a keyword search for specific records in the
related application by clicking Lookup. As an application owner, you can configure the fields that
are displayed for users in the Record Lookup page, and you can create filter criteria to limit the
number of records users can select from. You can also define the minimum and maximum number of
related records a user can select.

Recalculating Calculated Fields


When scheduling recalculations for an application, those recalculations will impact all records in the
application, including records currently opened (locked) for editing. When scheduling recalculations
for a sub-form, those recalculations will impact all records in the sub-form across all applications in
which the sub-form is embedded. If an application contains both a sub-form and a calculated field
whose value is dependent on a field within the sub-form, records in the application will also
recalculate when sub-form-level records recalculate. This condition is only true, however, for
application records in which a user has made at least one entry in the embedded sub-form.
In addition to a scheduled recalculation, you can also execute an on-demand recalculation.

Schedule a recalculation of a calculated field


You can configure a batch recalculation schedule for an application or sub-form using the
Recalculation Schedule function. By using the recalculation schedule option, you can ensure that
your date-based information is kept current.

1. Go to the Calculations tab of the application, questionnaire, or sub-form that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Calculations tab.

2. In the Recalculation Schedule section, select Recalculations.

Note: If your application or sub-form does not contain at least one calculated field that uses the
TODAY or NOW functions, you cannot access the Recalculation Schedule dialog box.
Scheduled recalculations are necessary only if you need to evaluate content within the context of
the passage of time.

3. In the Interval field, enter the frequency, in days, for how often you want to execute a
recalculation.
For example, if you entered "7", the application recalculates every seven days.

4. In the Begin Time field, enter the time of day that you want to execute the recalculation.

5. In the Time Zone field, select the time zone to reference for determining the Begin Time value.

6. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Execute an on-demand recalculation


You can execute an on-demand recalculation, in addition to scheduling a recalculation. When you
are viewing a record of an application of which you are the assigned owner or an administrator, you
can recalculate all calculated fields within the records.

Important: Be careful when selecting this option as all calculated fields in all records within the
application, level (for leveled applications), or sub-form will be recalculated, even fields that have
been selected with the As Needed option at the field level. This may impact system performance.

1. Go to the Calculations tab of the application, questionnaire, or sub-form that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Calculations tab.

2. Go to the On-Demand Recalculation section.

3. Click Launch Full Recalculation.

4. Click Yes to confirm the recalculation.

Record Permissions Field


Record permissions let you grant many users access to an application through their access roles
when it is not appropriate for those users to have access to every record in the
application.


Use a record permissions field to control user access at the record level. For example, you have a
Vendor Profiles application. You can give all vendor relationship managers access at the application
level, and then use a record permissions field to ensure that vendor relationship managers can only
see records of the vendors with which they work.
This field type provides permissioning models for granting record-level access to users and groups.

Manual permissions model


Permits your users to grant record-level permissions by selecting users and groups in the field. The
application owner must select at least one user or group from which users can select. You can also
define rules that control the level of permissions the selected users and groups receive based on
record content.
For each user or group that you define as an available selection in the record permissions field, you
can select the level of record access that should be granted to that user or group.
By default, all users and groups selected in a record permissions field have read access to their
assigned records. However, you can also grant update and delete privileges.

Important: When converting from a user/group list field to a record permissions field, users are not
automatically granted access to the record. You must remove the users and groups from the
promoted field, and then add them again to activate record permissions for the newly promoted field.

Inherited permissions model


Inherits record permissions from related levels or applications and displays as a read-only field to
your users. The value of the field is automatically populated by one or more record permissions
fields that you define. When you select this option, you must select at least one Record Permissions
field in a related application or data level from which to inherit permissions.
If you have existing records in the application that you are managing, a process is triggered to set
permissions for those records. If you delete a parent-level record with child-level records that inherit
permissions from that parent, the permissions in the child-level records are deleted.

Inheriting permission rules

The inherited permissions method allows your users to set permissions in one record and have those
permissions automatically apply to related records.
- Unrestricted: Inherits record permissions from all related records. If you set the permissions in a
record, those permissions automatically apply to all related records.

- Restricted: Inherits record permissions from selected related records. If you set the permissions in
a record, those permissions automatically apply to the specified related records.

Recalculation conditions for inherited record permission field values

- A record permissions field configuration is changed, and that field is referenced by the inherited
record permissions field.
The recalculation occurs only if the available users or groups are changed for a manual selection
record permissions field or if the rules are changed for an automatic selection record permissions
field.

- A record permissions field is deleted, and that record permissions field is referenced by the
inherited record permissions field.

- A record permissions field is changed to restricted or unrestricted, and the permissions are edited
in the Field Population section.

Important: Inherited record permissions fields are not tracked in a history log field. If a history log
field is configured to track the record permissions field before it was changed to use inherited
permissions, the record permissions field is removed from the history log configuration, and all data
for the field is deleted. Further changes to the record permissions field values are not tracked in the
history log.

After you select the Inherited Permissions model for a record permissions field, you cannot change
the permission method.

Automatic permissions model


Assigns record-level access automatically based on one or more rules and appears as a read-only
field to your users.
- When configuring a field using this method, define one or more rules for assigning record access
based on data conditions within a record.

- When creating a rule for assigning record-level access, create one or more conditions for rule
fulfillment. A condition consists of a field to evaluate and one or more values to watch for in that
field.

After defining one or more conditions for rule fulfillment, select the users and groups who have
access to records in which the specified conditions are met. When selecting users and groups, you
can also specify whether those users and groups have read-only access to their assigned records or
whether they have update and delete access.


When using the rule-driven selection method, you must also select one or more default users or
groups who have access to records in which none of the rules are met. You can also specify whether
those users and groups have read-only access to their assigned records or whether they have update
and delete access.
Permissions are recalculated for individual records each time a value changes that causes a new rule
to prove true. In addition, record permissions are recalculated for the entire application if any one of
the following occurs:
- A new automatic selection record permissions field is created or activated in an application.

- A permissions rule is added, deleted, or updated in an active record permissions field.

- An inactive automatic selection record permissions field is activated.

- A record permissions field that is configured with the manual selection method is reconfigured to
use the automatic selection method.

Record permissions can affect the behaviors of other elements used in applications, questionnaires,
or sub-forms.

Rules for using record permissions with other elements

| Element | Rules |
|---|---|
| Calculations | Record permissions fields are not recalculated in archived applications or questionnaires. In a forced recalculation of a record permissions field, users must have update permissions to perform the recalculation. |
| Conditional Layout Actions | For record permissions fields that are selected for inclusion or exclusion in an ACL action, only the data committed in the database determines whether a user is included or excluded from the ACL action. Only the data committed in the database determines whether an ACL action is applied to the specified user. Any user that is selected in a record permissions field is excluded if the field is excluded. An Apply Conditional Layout (ACL) action does not give users added field permissions, but it can restrict them. If a field is set to display and the user does not have read permissions to the field, the field is still hidden from the user. If a user has full permissions to a field that is set to read only in an ACL action, the user cannot modify the field. If a field is not displayed because of an ACL action, a user with field permissions can still search the field and functions. For example, a data feed and Web API can still reference the field. |
| Data Feed | Record permissions are evaluated and may limit the source data retrieved from the application. |
| Data Imports | Record Permissions fields must be configured with the manual permissions model. When an empty value is imported into a Record Permissions field, the field is empty in the new or updated record regardless of whether the field is configured with one or more default values. When no value is selected in the Record Permissions field, only users who are a system administrator or application owner can access the record. |
| Notifications | Record Permissions fields cannot be included in the subject line of the notification. For Scheduled Report Distributions, the content of an attached report is based on the record permissions of the user who creates the report. A dynamic recipient list is based on the values of a record permissions or an email address stored in a field. Recipients can only view records for which they have record permissions. Only a record being saved executes Generate Notification actions in a data-driven event. This action executes at the end of the record save process and is the only action that executes after calculated fields and record permission fields are computed. |
| Packaging | User/Groups field population may be added to Record Permissions fields, but the packaging installation does not remove the existing ones. If a User/Groups field in the target instance is configured as a Record Permissions field in the package, the package installation changes the field to the Record Permissions type. When installing a package that contains Record Permissions fields, verify that users and groups already exist in the target instance. If they do not, these fields may not install properly. If necessary, create the users and groups in the target instance before installing the package. |
| Questionnaires and Campaigns | Record permissions fields are not recalculated in an archived questionnaire. A target application must have a User/Groups list or Record Permission field before you can assign a submitter or reviewer for each questionnaire record triggered by a campaign. By default, questionnaires include two User/Groups List fields: Submitter and Reviewer. These fields facilitate a two-stage workflow process. You can define the users and groups available for selection in these fields, and you can promote the fields to Record Permissions fields if you want to use them to control access to questionnaire records. In addition, you can add User/Groups List or Record Permissions fields to expand the content review process according to your risk management methodologies. |
| Search and Reporting | User/Groups list and Record Permissions fields, which normally display as a link to the profile page when populated, do not display as links when Inline Edit is enabled. If an application contains a Record Permissions field, users can only access the fields to which they have permissions in the application. |
| Workflows | Record permissions apply for records in the workflow process. All users with proper access privileges can view a record in the workflow process. Only users that have been assigned a record in the workflow process can accept or reject it. |

Example: Record permissions assigned by data conditions

Example: Assigning record permission automatically by a data condition

Scenario 1: You define a rule in a Document Repository application that assigns full record-level
access to the Documentation group when the Document Status is Draft.

Results: The appropriate record-level access is granted for all records in the Document
Repository application when the Document Status is Draft.

Scenario 2: You define another rule that assigns read-only record access to the Everyone group
when Document Status is Final.

Results: The appropriate record-level access is granted for all records in the Document
Repository application when the Document Status is either Draft or Final.

Example: CRUD permissions through field status

Example: Field status determines CRUD permissions

Scenario 1: The status of a field is In Progress.

Results: Users and groups selected in the Record Permissions field have read and update rights
to the record.

Scenario 2: The status of the same field is Completed.

Results: Users have only read rights.

Example: Inherited permissions for cross-reference applications

Example: Using inherited permissions for cross-reference applications

Scenario: You have a Vendor Profiles application that cross-references your Contracts and
Assessments applications. Vendor relationship managers need access to records in all
three applications for the vendors they work with.

Solution: To simplify the process of granting record permissions for these applications, you can:
1. Create a record permissions field that allows manual selection in the parent
Vendor Profiles application.

2. Create record permissions fields in the child Contracts and Assessments
applications that inherit permissions from the related vendor profile.

Results: When a user gains access to the ABC Company vendor profile, that user
automatically gains access to the contracts and assessments related to ABC Company.

Example: User restriction to a specific group

Example: User in a specific group with permission only in that group

Scenario: You select the Sales, Marketing, and Management groups as available selections in
the field.

Results: If a user adds a record in the application and that user is a member of only the
Marketing group, the Marketing group is the only group available to that user for
selection in the record permissions field.

Adding Record Permissions Fields


Use a record permissions field to control user access at the record level.

Add the record permissions field


You can add a record permissions field to an application or questionnaire.

1. Go to the Fields tab to which you want to add the record permissions field.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

- To add a new field, click Create a new Field from scratch and click Record Permission from
the Advanced Field Type list.

- To add a field from an existing field, click Copy an existing Field and select the record
permission field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description of the field.

6. Click the Options tab.

7. In the Display Control section, select the control for displaying the record permissions field.

| Display Control | Description |
|---|---|
| Dropdown | Displays a list of items from which users can select an item. |
| Radio Buttons | Displays a list of items from which users can select an item. |
| Check Boxes | Displays a list of items from which a user can select one or more items. |
| Listbox | Displays a selection list from which users can select one or more items. |
| Values Popup | Displays a selection list from which users can select one or more items. For example, a users and groups list may contain hundreds or thousands of users. In this case, a values popup list may be the best solution. For two or three selections, the best control might be dropdown, radio buttons, or checkboxes. |

8. In the Options section, select the behavior and validation rules for the record permissions field.

| Option | Action |
|---|---|
| Required Field | Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application. |
| Auditing Information | Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface. |
| Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters. |
| Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page. |
| Enable Inline Edit | Allows the field to be editable in search results and reports. |
| Advanced Field Display | Adds descriptive text and alters the standard display of the field. After selecting this checkbox, specify the display text and layout for the field in the Advanced Field Display Options section. |
| Validate Always | Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed. |

9. In the Configuration section, set the minimum and maximum selection values.

| Option | Description |
|---|---|
| Field Height | Specifies the height of the field in lines and is specific to a Listbox or Text Area display control. If more values are available for selection in the field than the number of lines you specified, a vertical scroll bar appears in the field to enable users to view all available values. |
| Column Layout | Specifies the number of columns for the Radio Buttons or Checkboxes display control options. |
| Minimum Selections | Specifies the minimum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |
| Maximum Selections | Specifies the maximum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |

10. Click Save or Apply.

- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Configuring Automatic Permissions for a Record Permissions Field

Assigns record-level access automatically based on one or more rules and appears as a read-only
field to your users.
- When configuring a field using this method, define one or more rules for assigning record access
based on data conditions within a record.

- When creating a rule for assigning record-level access, create one or more conditions for rule
fulfillment. A condition consists of a field to evaluate and one or more values to watch for in that
field.

After defining one or more conditions for rule fulfillment, select the users and groups who have
access to records in which the specified conditions are met. When selecting users and groups, you
can also specify whether those users and groups have read-only access to their assigned records or
whether they have update and delete access.
When using the rule-driven selection method, you must also select one or more default users or
groups who have access to records in which none of the rules are met. You can also specify whether
those users and groups have read-only access to their assigned records or whether they have update
and delete access.
Permissions are recalculated for individual records each time a value changes that causes a new rule
to prove true. In addition, record permissions are recalculated for the entire application if any one of
the following occurs:
- A new automatic selection record permissions field is created or activated in an application.

- A permissions rule is added, deleted, or updated in an active record permissions field.

- An inactive automatic selection record permissions field is activated.

- A record permissions field that is configured with the manual selection method is reconfigured to
use the automatic selection method.

Selection rules for automatic permissions


Automatic selection rules for the record permissions field apply to the Manual or Automatic
permission models. A selection rule consists of one or more data conditions to watch for within
application records and specific permissions the users or groups selected in the record permissions
field should have if the specified conditions are met.


You can create multiple rules for dynamically modifying rights based on record content. When you
configure multiple rules, the user is granted the highest rights allowed by the rules.
For example, you have one rule that gives the selected user read-only rights and another rule that
gives the selected user read and update rights. If both rules prove true, the user has read and update
rights.
Make sure that at least one user has rights to a record by adding a default user or group. When
none of the rule conditions are true, rights are granted to the default user or group.
By default, all users and groups selected in a record permissions field have read access to their
assigned records. Click the applicable checkbox for update, delete, or both.
You must also select a default user or group that is used when users add new records. The default
selection can be the record creator or any selected group or user.
When working with groups, you can include the sub-groups of a selected group in the list of
available values for the record permissions field. To include a sub-group, select Cascade for the
group in the Users/Groups list.

Note: When you select the Cascade option for a group that contains sub-groups, those sub-groups
are available for selection in the Record Permissions field. When a user interacts with the record
permissions field while adding or editing a record, the user can select the parent-level group,
individual sub-groups nested under the parent group, or both. If a user selects only the parent group,
record access is not granted to members of sub-groups. Only individual users who are members of
the selected parent group have access to the record.
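
The selection-rule behavior described above (highest rights when several rules prove true, default users and groups when none does) can be modeled to review a planned rule set before it is configured. This is an added example, not code from the guide or from RSA Archer. It assumes that all conditions of a rule must hold and that a condition matches on equality with a watched value; the third rule, the Repository Admins default group, and the users are constructed.

```python
from dataclasses import dataclass

READ, UPDATE, DELETE = "read", "update", "delete"


@dataclass(frozen=True)
class Grant:
    """A user or group selected in a rule (or as a default) and its rights."""
    principal: str
    update: bool = False
    delete: bool = False

    def rights(self):
        # Read is always granted; update and delete are opt-in checkboxes.
        granted = {READ}
        if self.update:
            granted.add(UPDATE)
        if self.delete:
            granted.add(DELETE)
        return frozenset(granted)


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: tuple  # ((field name, (values to watch for, ...)), ...)
    grants: tuple      # Grant objects that apply when the rule is met

    def matches(self, record):
        # Assumption: all conditions must hold; a condition holds when the
        # record's value for the field is one of the watched values.
        return all(record.get(f) in values for f, values in self.conditions)


def evaluate(record, rules, defaults):
    """Return (acl, matched rule names); acl maps principal -> rights."""
    matched = [r for r in rules if r.matches(record)]
    # Default users/groups apply only when none of the rules is met.
    grants = [g for r in matched for g in r.grants] if matched else list(defaults)
    acl = {}
    for g in grants:
        # Several rules true at once: keep the highest rights (the union).
        acl[g.principal] = acl.get(g.principal, frozenset()) | g.rights()
    return acl, [r.name for r in matched]


def user_rights(user, direct_groups, acl):
    """Rights of one user via their own entry and directly held groups."""
    rights = set(acl.get(user, frozenset()))
    for group in direct_groups.get(user, ()):
        rights |= acl.get(group, frozenset())
    return frozenset(rights)


def audit_fallthrough(records, rules, defaults):
    """Records no rule covers, with the default principals that can change them."""
    findings = []
    for record in records:
        acl, matched = evaluate(record, rules, defaults)
        if not matched:
            writers = sorted(p for p, r in acl.items() if r & {UPDATE, DELETE})
            findings.append((record["id"], writers))
    return findings


# Rules 1 and 2 follow the Document Repository example; the rest is constructed.
RULES = (
    Rule("Draft", (("Document Status", ("Draft",)),),
         (Grant("Documentation", update=True, delete=True),)),
    Rule("Final", (("Document Status", ("Final",)),), (Grant("Everyone"),)),
    Rule("Open for comment", (("Review Open", ("Yes",)),),
         (Grant("Everyone", update=True),)),
)
DEFAULTS = (Grant("Repository Admins", update=True, delete=True),)
RECORDS = [
    {"id": 1, "Document Status": "Draft"},
    {"id": 2, "Document Status": "Final"},
    {"id": 3, "Document Status": "Final", "Review Open": "Yes"},
    {"id": 4, "Document Status": "Retired"},  # matches no rule
]
DIRECT_GROUPS = {"alice": ("Documentation", "Everyone"), "bob": ("Everyone",)}

if __name__ == "__main__":
    for rec in RECORDS:
        acl, matched = evaluate(rec, RULES, DEFAULTS)
        print(rec["id"], matched or "defaults", {p: sorted(r) for p, r in acl.items()})
    print("fall-through:", audit_fallthrough(RECORDS, RULES, DEFAULTS))
```

Records reported by audit_fallthrough are the ones whose access is decided entirely by the default users and groups, so those defaults deserve the same review as the rules.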

Step 1: Select the permissions model

1. Go to the Permissions section of the record permissions field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application that contains the record permissions field.

d. Click the Fields tab and select the record permissions field.

e. Click the Options tab.

2. In the Permission Model field, click Automatic.

3. Click Apply.

Step 2: Add selection rules for changing the access level of the record permissions field

1. In the Rules section, click Add New.

2. In the Rule Information section, enter a rule name and a description.

3. In the Conditions field, do the following to create one or more rules:

a. In the Field to Evaluate box, select the field to evaluate for one or more specific values.

b. In the Operator box, select the filter operator.

c. In the Value(s) box, select the values for the condition.

4. In the Field Population section, click Lookup.

5. Do one or both of the following to select the users and groups:

- To add a group, expand the Groups node and click the Group or Groups that you want to add.

- To add users, expand the Users node, and click the users that you want to add.

Note: To search for a specific role, enter the role name in the Find field and, if applicable,
select the type from the adjacent list. Click . The results of your search appear in the
Available list in the Search Results node.

6. Select the privileges for each user and group.

7. From the Users/Groups list, select Default to define a user or group as the default selection for
the field.

8. (Optional) Click Cascade to include the sub-groups of a selected group.

9. Click Apply.

Step 3: Add default users and groups to the record permissions field
Complete this task to assign one or more users and groups who are granted record permissions by
default if none of the rules that you specified are met.
1. In the Default Users/Groups section, click Lookup.

2. Do one or both of the following to select the users and groups:

• To add a group, expand the Groups node and click the Group or Groups that you want to add.

• To add users, expand the Users node, and click the users that you want to add.

To search for a specific role, enter the role name in the Find field and, if applicable, select the
type from the adjacent list. Click . The results of your search are displayed in the Available
list in the Search Results node.

3. Click OK.

4. Select the permissions you want to assign to the user or group.


5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Configuring Inherited Permissions for a Record Permissions Field

Inherits record permissions from related levels or applications and displays as a read-only field to
your users. The value of the field is automatically populated by one or more record permissions
fields that you define. When you select this option, you must select at least one Record Permissions
field in a related application or data level from which to inherit permissions.
If you have existing records in the application that you are managing, a process is triggered to set
permissions for those records. If you delete a parent-level record with child-level records that inherit
permissions from that parent, the permissions in the child-level records are deleted.

Inheriting permission rules

The inherited permissions method allows your users to set permissions in one record and have those
permissions automatically apply to related records.

• Unrestricted: Inherits record permissions from all related records. If you set the permissions in a
record, those permissions automatically apply to all related records.

• Restricted: Inherits record permissions from selected related records. If you set the permissions in
a record, those permissions automatically apply to the specified related records.

Recalculation conditions for inherited record permission field values

• A record permissions field configuration is changed, and that field is referenced by the inherited
record permissions field.
The recalculation occurs only if the available users or groups are changed for a manual selection
record permissions field or if the rules are changed for an automatic selection record permissions
field.

• A record permissions field is deleted, and that record permissions field is referenced by the
inherited record permissions field.

• A record permissions field is changed to restricted or unrestricted, and the permissions are edited
in the Field Population section.

Important: Inherited record permissions fields are not tracked in a history log field. If a history log
field is configured to track the record permissions field before it was changed to use inherited
permissions, the record permissions field is removed from the history log configuration, and all data
for the field is deleted. Further changes to the record permissions field values are not tracked in the
history log.

After you select the Inherited Permissions model for a record permissions field, you cannot change
the permission method.

Step 1: Select the permissions model

1. Go to the Permissions section of the record permissions field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application that contains the record permissions field.

d. Click the Fields tab and select the record permissions field.

e. Click the Options tab.

2. In the Permission Model field, click Inherited.

3. Click Apply.

Step 2: Define rules for inheriting permissions from a related record

1. Select one of the following:

• Click Unrestricted to inherit permissions from all related records.

• Click Restricted to inherit permissions from selected related records.

2. In the Field Population section, select one or more Record Permissions fields to display in the
Selected list from the Available list.

3. Click Save.


Configuring Manual Permissions for a Record Permissions Field


Permits your users to grant record-level permissions by selecting users and groups in the field. The
application owner must select at least one user or group from which users can select. You can also
define rules that control the level of permissions the selected users and groups receive based on
record content.
For each user or group that you define as an available selection in the record permissions field, you
can select the level of record access that should be granted to that user or group.
By default, all users and groups selected in a record permissions field have read access to their
assigned records. However, you can also grant update and delete privileges. You can also define
rules that control the level of permissions the selected users and groups receive based on record
content.

Important: When converting from a user/group list field to a record permissions field, users are not
automatically granted access to the record. You must remove the users and groups from the
promoted field, and then add them again to activate record permissions for the newly promoted field.

Automatic selection rules for manual permissions


Automatic selection rules of the record permissions field apply to the Manual or Automatic
permission models. A selection rule consists of one or more data conditions to watch for within
application records and specific permissions the users or groups selected in the record permissions
field should have if the specified conditions are met.
You can create multiple rules for dynamically modifying rights based on record content. When you
configure multiple rules, the user is granted the highest rights allowed by the rules.
For example, you have one rule that gives the selected user read-only rights and another rule that
gives the selected user read and update rights. If both rules prove true, the user has read and update
rights.
If you add multiple rules, the user is granted the highest rights allowed by the rules. Make sure that
at least one user has rights to a record by adding a default user or group. When none of the rule
conditions are true, rights are granted to the default user or group.
By default, all users and groups selected in a record permissions field have read access to their
assigned records. Click the applicable checkbox for update, delete, or both.
You must also select a default user or group that is used when users add new records. The default
section can be the record creator or for any selected group or user.
When working with groups, you can include the sub-groups of a selected group in the list of
available values for the record permissions field. To include a sub-group, select Cascade for the
group in the Users/Groups list.


Note: When you select the Cascade option for a group that contains sub-groups, those sub-groups
are available for selection in the Record Permissions field. When a user interacts with the record
permissions field while adding or editing a record, the user can select the parent-level group,
individual, or both sub-groups nested under the parent group. If a user selects only the parent group,
record access is not granted to members of sub-groups. Only individual users who are members of
the selected parent group have access to the record.
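
The rule resolution described in this section, modelled in Python as an added example (it is not RSA Archer code and not part of the original guide). It assumes that "highest rights" means the union of the privileges granted by every rule that is true, and that group membership is supplied as direct members only; the rule names, operator names, groups, users and records are constructed.

```python
# Illustrative model of the documented behaviour; not RSA Archer code.
from dataclasses import dataclass

READ, UPDATE, DELETE = "read", "update", "delete"


@dataclass
class Rule:
    name: str
    field_name: str   # record field the condition evaluates
    operator: str     # "equals" / "not_equals" (constructed operator names)
    values: set       # value(s) the condition compares against
    grants: dict      # {user_or_group: privileges granted when the rule is true}

    def matches(self, record):
        hit = record.get(self.field_name) in self.values
        if self.operator == "equals":
            return hit
        if self.operator == "not_equals":
            return not hit
        raise ValueError(f"unsupported operator: {self.operator}")


def resolve_grants(record, rules, default_grants):
    """Return {principal: privileges} for one record.

    Assumption: "highest rights" is modelled as the union of the privileges
    from every rule whose condition is true. When no rule is true, the
    default users/groups are used instead.
    """
    matched = [rule for rule in rules if rule.matches(record)]
    sources = [rule.grants for rule in matched] if matched else [default_grants]
    merged = {}
    for grants in sources:
        for principal, privileges in grants.items():
            # Every selected user or group has read access at minimum.
            merged.setdefault(principal, {READ}).update(privileges)
    return merged


def user_access(user, grants, direct_members):
    """Privileges a user holds directly or through groups they are a direct member of.

    Members of a sub-group get nothing from a grant made to the parent group;
    the sub-group itself has to be selected.
    """
    access = set(grants.get(user, ()))
    for principal, privileges in grants.items():
        if user in direct_members.get(principal, ()):
            access |= privileges
    return access


def records_without_access(records, rules, default_grants):
    """IDs of records for which no user or group ends up with any rights."""
    return [record_id for record_id, record in records.items()
            if not resolve_grants(record, rules, default_grants)]


# Constructed sample configuration.
DIRECT_MEMBERS = {
    "Risk Managers": {"alice"},
    "Risk Managers/EMEA": {"bob"},   # sub-group that no rule selects
    "GRC Admins": {"carol"},
}
RULES = [
    Rule("Open items", "Status", "equals", {"Open"},
         {"Risk Managers": {READ}}),
    Rule("High severity", "Severity", "equals", {"High"},
         {"Risk Managers": {READ, UPDATE}}),
]
DEFAULT_GRANTS = {"GRC Admins": {READ, UPDATE, DELETE}}
RECORDS = {
    101: {"Status": "Open", "Severity": "High"},    # both rules are true
    102: {"Status": "Closed", "Severity": "Low"},   # no rule is true
}

if __name__ == "__main__":
    for record_id, record in RECORDS.items():
        grants = resolve_grants(record, RULES, DEFAULT_GRANTS)
        print(record_id, {p: sorted(v) for p, v in grants.items()})
        for user in ("alice", "bob", "carol"):
            print("   ", user, sorted(user_access(user, grants, DIRECT_MEMBERS)))
    # With no default user or group, record 102 is left with no one who can open it.
    print("no access without defaults:", records_without_access(RECORDS, RULES, {}))
```

Running `records_without_access` with an empty default set is a quick way to see why the guide asks for a default user or group on every rule-driven field.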

Step 1: Select the permissions model

1. Go to the Permissions section of the record permissions field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application that contains the record permissions field.

d. Click the Fields tab and select the record permissions field.

e. Click the Options tab.

2. In the Permission Model field, click Manual.

3. Click Apply.

Step 2: Select users and groups and display rules

1. In the Field Population section, click Lookup.

2. From the Available list, select the users and groups that you want to be available for selection in
the record permissions field and click OK.

3. In the Users/Groups field, click the applicable level of access that you want each user and group
to have to a record if they are selected in the record permissions field.

4. Select the applicable option to exclude or restrict users and groups and click Apply.

5. Click Apply again.

6. In the Permissions section, click Manual as the permission model.


Step 3: Add selection rules for changing the access level of the record permissions
field

1. In the Rules section, click Add New.

2. In the Rule Information section, enter a rule name and a description.

3. In the Conditions field, do the following to create one or more rules:

a. In the Field To Evaluation box, select the field to evaluate for one or more specific values.

b. In the Operator box, select the filter operator.

c. In the Value(s) box, select the values for the condition.

4. In the Field Population section, click Lookup.

5. Do one or both of the following to select the users and groups:

• To add a group, expand the Groups node and click the Group or Groups that you want to add.

• To add users, expand the Users node, and click the users that you want to add.

Note: To search for a specific role, enter the role name in the Find field and, if applicable,
select the type from the adjacent list. Click . The results of your search appear in the
Available list in the Search Results node.

6. Select the privileges for each user and group.

7. From the Users/Groups list, select Default to define a user or group as the default selection for
the field.

8. (Optional) Click Cascade to include the sub-groups of a selected group.

9. Click Apply.

Converting a User/Groups List to a Record Permissions Field


You can convert a user/groups list field to a record permissions field to limit record access to only
those users or groups selected in the field. The record permissions field is populated with the users
and groups configured for the user/groups List field.
The record permissions field also is configured to use the manual selection method, meaning that end
users are able to interact with the field to assign record permissions.

Important: When converting from a user/group list field to a record permissions field, users are not
automatically granted access to the record. You must remove the users and groups from the
promoted field, and then add them again to activate record permissions for the newly promoted field.


Convert a user/groups list to a record permissions field

1. Go to the Fields tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Select the user/groups list field that you want to promote to a record permissions field.

3. In the Action field in the General Information section, click Promote to Record Permissions
field.

4. Remove the users and groups from the promoted field.

5. Add the users and groups to activate the record permissions for the newly promoted field.

6. Click Save.

Values Lists
Values lists allow administrators to define the values that users are allowed to select from in a
Values List, Matrix, or Cross-Application Status Tracking field. There are two types of values lists.

| Type | Description |
|---|---|
| Global | Global values lists can be accessed and reused by other administrators. A global values list can be used to populate Values List, Cross-Application Status Tracking, and Matrix fields in an application. For example, if you create a global values list that includes project statuses (pending, in process, under review, completed, and so on), and you use this global values list in an Exception Requests application, other administrators can use this values list in applications they create, such as an Incidents application. If you grant a user or group access rights to the Manage Global Values Lists page, these individuals have access to all global values lists in the RSA Archer GRC. If you want a user to have access to specific global values lists and not all lists, select the appropriate CRUD access for the individual global values list on the Manage Access Roles page. |
| Field-Specific | A field-specific values list is considered “local” to its related Values List or Matrix field, meaning that it cannot be used again to populate other fields. Custom values lists are useful in cases where the values do not make sense in the context of another application or field. For example, a field-specific values list with the values “Draft” and “Final” may be useful only for a Status field in a Document Repository application. |

From the Application Builder, you can quickly establish global and field-specific values lists by
entering the values manually or by importing them from an external XML file.

Adding Values List Fields


Values lists include the values that users are allowed to select from in a values list, matrix, or
cross-application status tracking field.

Add a values list field

1. Go to the Fields tab of the application to which you want to add a Values List field.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. Click Add New.

3. In the Creation Methods section, select one of the following:

• To add a new field, click Create a new Field from scratch and click Values List from the
Basic Field Type list.

• To add a field from an existing field, click Copy an existing Field and select the values list
field you want to copy.

4. Click OK.

5. In the General Information section, enter the name and description.

6. Click the Options tab.

7. In the Display Control section, select the option for displaying the field:

Display Control options

| Display Control | Description |
|---|---|
| Dropdown | Displays a list of items from which users can select an item. |
| Radio Buttons | Displays a list of items from which users can select an item. |
| Check Boxes | Displays a list of items from which a user can select one or more items. |
| Listbox | Displays a selection list from which users can select one or more items. |
| Values Popup | Displays a selection list from which users can select one or more items. For example, a users and groups list may contain hundreds or thousands of users. In this case, a values popup list may be the best solution. For two or three selections, the best control might be dropdown, radio buttons, or checkboxes. |

8. In the Options section, select the options for including the field in search results and setting its
behavior:

Options

| Option | Action |
|---|---|
| Required Field | Designates the field as required and forces users to enter a value when adding or editing a record in the application. Required fields are indicated with an icon (selected in the Appearance feature) to alert users that they must enter a value. If this checkbox is not selected, users can skip this field when adding or editing a record in the application. |
| Auditing Information | Displays auditing information next to the field each time that its value is changed. The auditing information includes only the name of the user who made the change and the date and time of the change. If this checkbox is not selected, auditing information is not displayed with the field in the user interface. |
| Search Results | Makes this field available for display in search results. If this checkbox is not selected, this field is not included in search results and its values cannot be referenced in search filters. |
| Search Default Field | Includes the field by default in search results for the application. This option does not prevent users from removing the field from the Search Results page. Users can click Modify in the toolbar and remove the field from the Fields to Display section of the application Search Records page. |
| Enable Inline Edit | Allows the field to be editable in search results and reports. |
| Trending | Enables trending on the field based on a duration period. Duration Type: Designates the duration for which you want to retain trending data. The available values are calculated in days as follows: Days, 1 day; Months, 30 days; Quarters, 90 days; Years, 365 days. By default, the value of this field is No Selection, but you must select a Duration Type when the Trending option is selected. If you click Apply without changing the value, a warning message is displayed. Click OK to return to the Options tab. Duration Amount: Specifies the number of days, months, quarters, or years for which trending data is retained. |
| Description Links | Displays the selected value for the field as a hyperlink when users view records in the application. Users can click the linked value to read a description of the value from a pop-up window. |
| Calculated Field | Designates the field as a calculated field determined by a formula that computes a value dynamically for this field. If you select this option, the field is read-only for all users, and its value is computed by the defined formula. |
| Advanced Field Display | Adds descriptive text and alters the standard display of the field. After selecting this checkbox, specify the display text and layout for the field in the Advanced Field Display Options section. |
| Validate Always | Designates that a calculated field is recalculated whenever any value is changed in a record. If the Validate Always option is not selected, this field is validated only when the value in that field has changed. |

Chapter 5: Fields 298


RSA Archer GRC Administrator Guide

9. In the Configuration section, specify the minimum and maximum number of selections a user can
make.

Configuration options

| Option | Description |
|---|---|
| Field Height | Specifies the height of the field in lines and is specific to a Listbox or Text Area display control. If more values are available for selection in the field than the number of lines you specified, a vertical scroll bar appears in the field to enable users to view all available values. |
| Column Layout | Specifies the number of columns for the Radio Buttons or Checkboxes display control options. |
| Minimum Selections | Specifies the minimum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |
| Maximum Selections | Specifies the maximum number of selections (from none to 20 selections) that a user can select in the Dropdown, Checkboxes, Listbox, or Values Popup display control. |

10. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding a Global Values List


Use global values lists for items that are common to other applications or questionnaires.

Add a global values list

1. Go to the Manage Global Values Lists page.

a. From the menu bar, click .

b. Under Application Builder, click Global Values Lists.

2. Click Add New.


3. Do one of the following:

• To use the settings of an existing global values list as a starting point, select Copy an existing
Values List and select the existing values list from the Available Actions list.

• To select new settings for a global values list, select Create a new Values List from scratch.

4. Click OK.

5. In the General Information section, enter the name and description.

6. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Values to Values Lists


You can create the values that are displayed to users as the available selections in global, field-
specific, and questionnaire values lists. The process for adding values to these types of lists is
identical.

Add values manually to a values list

1. Go to the Values tab of the values list you want to update.

| Global | Field-Specific | Questionnaire |
|---|---|---|
| a. From the menu bar, click . | a. From the menu bar, click . | a. From the menu bar, click . |
| b. Under Application Builder, click Global Values Lists. | b. Under Application Builder, click Applications. | b. Under Application Builder, click Questionnaires. |
| | c. Select the application. | c. Select the questionnaire. |
| | d. Click the Fields tab and select the values list field. | d. Click the Fields tab and select the values list field. |
| | e. Click the Values tab. | e. Click the Values tab. |

2. In the Values section, click Add New.

3. In the Text Value field, enter the value as you want it to display in the values list.

4. (Optional) In the Description field, enter a description.
If the field is configured to display description links, users will be able to view this description
by clicking the linked value.

5. By default, Active is selected, which makes the value available for selection on the user
interface. If you do not want users to be allowed to select the value, clear Active.
Inactive values are not available for selection, but existing usages of the value are preserved.

6. (Optional) To set the value you are working with as a default selection when the values list is
displayed to users, select Default Selection.

Note: When a user adds a new record in an application or questionnaire that contains a Values
List field with a default value, the default value automatically is selected in the Values List
field, regardless of the user’s access to the field. For example, if a user has read-only access to
a Values List field with a default value of “In Progress,” when the user saves the record, the
value of this field is set to “In Progress” even though the user cannot edit the field. Users with
full access to the field can change the default value.

7. To associate a numeric value with your text value, enter the appropriate number in the Numeric
Value field.
For example, if your text value is "High," you might assign it a numeric value of "10." The
Numeric Value field accepts positive, negative, and decimal values. Using the Calculations
feature, you can reference these numeric values in calculated field formulas.

8. To apply color to the text of the value, follow these steps:

a. Click to the right of the Text Color field.
The Color Selector opens. This dialog box provides a small grouping of basic colors and an
interface for defining custom colors.

b. To select a predefined color, click the color in the Basic Colors control group.

c. To define a custom color, click the Custom tab and enter an RGB or HTML color code in the
fields provided.
A preview of your custom color is displayed in the color swatch.

d. Click OK to save your color choice and close the Color Selector dialog box.

Note: If you associate a color with a values list item, the color is displayed in records in view
mode and on a record node in Relationship Visualization. Values list items are not displayed in
color when users add or edit records unless the user has read-only access to the field.


9. To include an image to represent your value, in the Image field, click and in the Graphic
Selector dialog box, select from the following options:

• Select a Graphic from a Library. In the Available Graphics control group, select the option
next to the graphic that you want to assign to the values list item and click OK.

• Add a New Graphic. In the Available Graphics control group, click Add New to browse for
and select the file. Once you have selected a file, click Open to add the graphic to the Files to
Upload list. Click OK to begin the upload of the file.
Once the file is uploaded, you can select the file to be the image that displays for the value.

Note: If you associate an image with a values list item, the image is displayed in records in view
mode in place of the value name. Values list items are not displayed as an image when users add
or edit records unless the user has read-only access to the field.

10. If you want users to enter descriptive text associated with the value:

a. Select Other.

b. From the Height list, select the height for the text box.

c. In the Default Text field, enter the text that you want to be displayed by default next to the
values list control.

Note: Enabling this property causes the values list control to display a required text box on the
user interface. For example, if you have a value of "N/A," you can use the Other option to force
users to enter information supporting their selection of the "N/A" value.

Only one value for each values list may have the Other option enabled. Changing the Other
option from one value to another results in the loss of all data entered in the “Other” field
associated with the original value. For example, you have a values list where the value “N/A” is
enabled with the Other option. If you enable the value “None of the Above” with the Other
option, all data contained in the “Other” field associated with the “N/A” value is erased.

11. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.


Arranging Values in Values Lists


When you have a large list of values, you can group the values in a nested, or hierarchical, structure
to make them easier to find. You may define as many levels of values as you need and specify
which values are “children” and which are “parents.” You can also choose whether the parent value
is selectable. When values are in a hierarchical structure, they are displayed in this structure when
viewing and editing the field.
You can also configure the display order of the values in global, field-specific, and questionnaire
values lists by sorting items alphanumerically, placing them in a specific order, assigning values a
color from the custom color palette, or arranging them randomly to support certain questionnaire
formats. The process for sorting values in these lists is identical.

Note: Both active and inactive values are available for selection when configuring a values list. To
avoid confusion, RSA recommends deleting unused inactive values from the values list.

Nest values in a values list

1. Go to the values list that you want to update.

| Global | Field-Specific | Questionnaire |
|---|---|---|
| a. From the menu bar, click . | a. From the menu bar, click . | a. From the menu bar, click . |
| b. Under Application Builder, click Global Values Lists. | b. Under Application Builder, click Applications. | b. Under Application Builder, click Questionnaires. |
| | c. Select the application. | c. Select the questionnaire. |
| | d. Click the Fields tab and select the values list field. | d. Click the Fields tab and select the values list field. |

2. Click the Values tab.

3. In the Values section, select the value you want to nest.

4. Do one of the following:

• Drop the value to the position in the values list.

• Drop the value directly on top of the field to make the value a child of another value.


5. To make a parent value that functions as the title for a list of child values unavailable for
selection, do the following:

a. Select the parent value.

b. Clear the This value is available for selection checkbox.

6. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Configure the sort order for a values list

1. Go to the values list you want to update.

| Global | Field-Specific | Questionnaire |
|---|---|---|
| a. From the menu bar, click . | a. From the menu bar, click . | a. From the menu bar, click . |
| b. Under Application Builder, click Global Values Lists. | b. Under Application Builder, click Applications. | b. Under Application Builder, click Questionnaires. |
| c. Select a values list. | c. Select the application. | c. Select the questionnaire. |
| | d. Click the Fields tab. | d. Click the Fields tab. |
| | e. Select the Values List field. | e. Select the Values List field. |

2. Click the Values tab.

3. In the Values section, select the applicable option for displaying the list of items.

| Option | Description |
|---|---|
| Custom | Lists the values in the specific order that you define. To adjust the order of values, click and drag the value to the position in the list. |
| Ascending | Lists the values in ascending alphanumeric order. For example, the values "High," "Medium," and "Low" would be displayed in the following order: High, Low, Medium. Alphanumeric sort is not supported for values lists that contain values in multiple languages. |
| Descending | Lists the values in descending alphanumeric order. For example, the values "High," "Medium," and "Low" would be displayed in the following order: Medium, Low, High. |
| Random | Lists the values in a different order each time the list is displayed. This variation in display order minimizes the chance that end users detect patterns. |

4. Click Save.

Converting Field-Specific Values Lists into Global Values Lists


Because field-specific lists are specific to the field in which they are created, they cannot be reused
in other Values List fields. However, to reuse a field-specific values list, you can convert the field-
specific values list to a global values list, making it available for use in any Values List, Cross-
Application Status Tracking, or Matrix field.

Convert a field-specific values list into a global values list

1. Go to the Fields tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Fields tab.

2. In the Field column, click the field that you want to configure.

3. In the Action field on the General tab, click the Promote to Global Values List link.

4. Click Save.


Defining Field-Specific Column and Row Values for a Matrix Field


A matrix field allows you to display a two-dimensional array of checkboxes, allowing users to plot
or rank responses relative to the two factors posed by the dimensions. During the field creation
process, you can select to populate a Matrix field column and row values with global values lists or
to create custom column and row values. If you select to create field-specific values, you can define
those values from the Fields tab on the Manage Applications page. Field-specific column and row
values are considered local to the Matrix field because you cannot reuse these values for other
fields.

Note: If you selected to use global values lists to populate the Matrix field column and row values,
the Column Values and Row Values links are not displayed on the Fields tab of the Manage
Applications page.

Add field-specific column or row values for a matrix field


You can add a matrix field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. In the Field Type column, do one of the following:

a. To define values for a column, click Column Values.

b. To define values for a row, click Row Values.

3. In the Values section, click Add New.

4. In the Text Value field, enter the label.

5. (Optional) In the Description field, enter the description of the value.

6. (Optional) In the Default Selection field, click Select this value by default.

7. In the Numeric Value field, enter the value.

8. (Optional) In the Text Color field, select the color for the text of the value.

9. (Optional) In the Image field, click Add to attach an image to the value.

10. (Optional) In the Other field, click Require users to enter supporting information when they select
this value.

11. Click Save.

12. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Edit field-specific column or row values for a matrix field

1. Under the All Values list, select the value you want to update.

2. Change the property of the value.

3. Click Save.

4. Repeat all steps for other values you want to change.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Export field-specific column or row values for a matrix field


You can add a matrix field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. In the Field Type column, do one of the following:

• To export column values, click Column Values.

• To export row values, click Row Values.

3. In the Values section, click Add New.

4. In the Text Value field, enter the label.

5. (Optional) In the Description field, enter the description of the value.

6. (Optional) In the Default Selection field, click Select this value by default.

7. In the Numeric Value field, enter the value.

8. (Optional) In the Text Color field, select the color for the text of the value.

9. (Optional) In the Image field, click Add to attach an image to the value.

10. (Optional) In the Other field, click Require users to enter supporting information when they select
this value.

11. Click Save.

12. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Import field-specific column or row values for a matrix field


You can add a matrix field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. In the Field Type column, do one of the following:

a. To define values for a column, click Column Values.

b. To define values for a row, click Row Values.

3. In the Values section, click Import.

4. Under the All Values list, select the value you want to update.

5. Click Add New.

6. Select the XML file you want to upload and click Open.

7. Click OK.

8. Update the value properties as needed.

9. Click Save.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Inactivate field-specific column or row values for a matrix field


You can add a matrix field to an application or questionnaire.

1. Go to the Fields tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Fields tab.

2. In the Field Type column, do one of the following:

a. To define values for a column, click Column Values.

b. To define values for a row, click Row Values.

3. Under the All Values list, select the value you want to inactivate.

4. In the Active field, clear the Make the value available for selection checkbox.

5. Repeat steps 2 and 3 for other values you want to inactivate.

6. Click Save.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Importing Values into Values Lists


You can define the values list properties by importing the properties from an external XML file. The
following conditions apply when importing a values list:
• An existing values list item with a node name that matches a value in the XML file will be
updated with the properties contained in your import file.

• Values can be imported in global, field-specific, and questionnaire values lists. The process for
adding values to these types of lists is identical.

• Values in your XML file that do not match an existing value in the list are imported as new
values.

XML example and attributes


Your XML file must have a structure similar to the following example.

The following table describes each attribute and whether it is required or optional.

Attribute Required/Optional Description

name Required The name of the value as you want it to display in the values list. It maps to the
Text Value field on the Edit Value page.

active Required Defines whether the values list item is available for selection on the user
interface. It maps to the Active field on the Edit Value page. Use the value "true" or "false" with
this attribute.

value Optional The numeric value associated with the text value name. For example, you could
associate the numeric value "10" with the text value "High." This attribute maps to the Numeric
Value field on the Edit Value page.

description Optional Description of the value. It maps to the Description field on the Edit Value
page.

selectedDefault Required Defines whether the values list item is the default selection. It maps to
the Default Selection field on the Edit Value page. Use the value "true" or "false" with this
attribute.

textColor Optional The HTML color code to apply to the value. It maps to the Text Color field on
the Edit Value page.

status Required Defines whether the properties of this value can be modified. A value of "0" means
administrators can edit the value. A value of "1" means that the value is "locked;" only the name
and description of the value can be modified. A value of "2" means that the value is "static;" no
properties can be modified.

otherTextEnabled Optional Associates the "Other" text field with the values list item. It maps to
the Other field on the Edit Value page. Use the value "true" or "false" with this attribute. Only
one value per values list can be defined as "Other."

otherTextHeight Optional Defines the height of the "Other" text field. This attribute can be used
only in conjunction with the otherTextEnabled attribute.

otherTextDefault Optional Defines the default text for the "Other" text field. This attribute can
be used only in conjunction with the otherTextEnabled attribute.

image Optional The name of the image file associated with the values list item. When you import a
values list item that has an image attribute (the filename of the image), RSA Archer GRC maps the
image attribute to a file name on the server. RSA Archer GRC displays the image associated with the
filename on the server. If an exact match cannot be found, no image is displayed. This attribute
does not accommodate the import of new or updated images.
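The attribute rules in the table above can be checked before a file is uploaded. The following Python script is an added example, not RSA code: the element names ValuesList and Value and the sample file are constructed for illustration (only the attribute names come from this guide), and the refusal of DOCTYPE declarations is this checker's own policy.

```python
import re
import xml.etree.ElementTree as ET

# Rules transcribed from the attribute table in this guide.
REQUIRED = ("name", "active", "selectedDefault", "status")
BOOLEAN = ("active", "selectedDefault", "otherTextEnabled")
OTHER_ONLY = ("otherTextHeight", "otherTextDefault")
STATUS = {"0": "editable", "1": "locked", "2": "static"}
KNOWN = set(REQUIRED + BOOLEAN + OTHER_ONLY) | {"value", "description", "textColor", "image"}

# Constructed sample. The element names ValuesList and Value are hypothetical;
# set item_tag to the element name used in your own exported file.
SAMPLE = """\
<ValuesList>
  <Value name="High" active="true" value="10" selectedDefault="false" status="0"/>
  <Value name="Medium" active="yes" selectedDefault="false" status="0"/>
  <Value name="Low" active="true" selectedDefault="true" status="3" otherTextHeight="2"/>
  <Value name="Other" active="true" selectedDefault="false" status="1"
         otherTextEnabled="true" otherTextDefault="Explain"/>
  <Value name="Unknown" active="true" status="0" value="ten" otherTextEnabled="true"/>
</ValuesList>
"""


def validate_values_list(xml_text, item_tag="Value"):
    """Return a list of problems; an empty list means the file passed every check."""
    # Checker policy (an assumption, not an Archer rule): attribute-only items
    # need no DTD, so refuse one rather than let the parser expand entities.
    if re.search(r"<!DOCTYPE", xml_text, re.IGNORECASE):
        return ["file: DOCTYPE declarations are not accepted"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"file: not well-formed XML ({exc})"]

    items = list(root.iter(item_tag))
    if not items:
        return [f"file: no <{item_tag}> elements found"]

    problems, other_items = [], []
    for index, item in enumerate(items, start=1):
        attrs = item.attrib
        label = f"item {index} ({attrs.get('name', 'unnamed')})"
        for attr in REQUIRED:
            if attr not in attrs:
                problems.append(f"{label}: missing required attribute {attr}")
        for attr in BOOLEAN:
            if attr in attrs and attrs[attr] not in ("true", "false"):
                problems.append(f"{label}: {attr} must be true or false, got {attrs[attr]!r}")
        if "status" in attrs and attrs["status"] not in STATUS:
            problems.append(f"{label}: status must be 0, 1 or 2, got {attrs['status']!r}")
        if "value" in attrs:
            try:
                float(attrs["value"])
            except ValueError:
                problems.append(f"{label}: value must be numeric, got {attrs['value']!r}")
        # The two "Other" sizing/default attributes are valid only next to otherTextEnabled.
        for attr in OTHER_ONLY:
            if attr in attrs and "otherTextEnabled" not in attrs:
                problems.append(f"{label}: {attr} requires otherTextEnabled")
        if attrs.get("otherTextEnabled") == "true":
            other_items.append(label)
        for attr in sorted(set(attrs) - KNOWN):
            problems.append(f"{label}: attribute {attr} is not in the documented set")
    # Only one value per values list can be defined as "Other".
    if len(other_items) > 1:
        problems.append("list: only one value can be defined as Other, found "
                        + ", ".join(other_items))
    return problems


if __name__ == "__main__":
    for problem in validate_values_list(SAMPLE):
        print(problem)
```

Running the same check on a file exported from the values list first shows which element name to pass as item_tag.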

Import a values list

1. Go to the Values List page of the values list you want to update.

Global:
a. From the menu bar, click .
b. Under Application Builder, click Global Values Lists.

Field-Specific:
a. From the menu bar, click .
b. Under Application Builder, click Applications.
c. Select the application.
d. Click the Fields tab and select the values list field.
e. Click the Values tab.

Questionnaire:
a. From the menu bar, click .
b. Under Application Builder, click Questionnaires.
c. Select the questionnaire.
d. Click the Fields tab and select the values list field.
e. Click the Values tab.

2. In the Values section, click Import.

3. Click Add New.

4. Select the XML file.

5. Click Open to add the file to the Files to Upload list.

6. Click OK.

Exporting Values from Values Lists


You can export a values list to an external XML file using the export feature for global, field-
specific, and questionnaire values lists. You can make changes to the values in the XML file and re-
import the list to quickly update your values.

Export a values list

1. Go to the Values List page of the values list you want to update.

Global:
a. From the menu bar, click .
b. Under Application Builder, click Global Values Lists.
c. Select a values list.

Field-Specific:
a. From the menu bar, click .
b. Under Application Builder, click Applications.
c. Select the application.
d. Click the Fields tab and select the values list field.
e. Click the Values tab.

Questionnaire:
a. From the menu bar, click .
b. Click Questionnaires.
c. Select the questionnaire.
d. Click the Fields tab and select the values list field.
e. Click the Values tab.

2. In the Values section, click Export.

3. Select to Open or Save the XML file.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Values from Values Lists


You can delete a value from global, field-specific, and questionnaire values lists. When you delete a
value from a global, field-specific, or questionnaire values list, that value no longer is available for
selection. Only non-selected values can be deleted. If you attempt to delete a value that has been
selected in one or more records, RSA Archer GRC provides an informational message stating that
the value may not be deleted.

Important: You cannot delete values from a values list that are used in an advanced workflow.

You can also delete multiple values from a global, field-specific, or questionnaire values list by
exporting the values list as an XML file and deleting the values from the exported list. The Bulk
Delete feature enables you to upload the revised XML file, and removes the deleted values from the
values list accordingly.

Note: Regular maintenance of your values list is important to avoid confusion when configuring your
values in charts. RSA recommends that you maintain your values lists by deleting unused inactive
values.

Note: Both active and inactive values are available for selection when configuring a values list. To
avoid confusion, RSA recommends deleting unused inactive values from the values list.

Delete a value from a values list

1. Go to the Values tab of the values list you want to update.

Global:
a. From the menu bar, click .
b. Under Application Builder, click Global Values Lists.

Field-Specific:
a. From the menu bar, click .
b. Under Application Builder, click Applications.
c. Select the application.
d. Click the Fields tab and select the values list field.
e. Click the Values tab.

Questionnaire:
a. From the menu bar, click .
b. Under Application Builder, click Questionnaires.
c. Select the questionnaire.
d. Click the Fields tab and select the values list field.
e. Click the Values tab.

2. In the Structure pane in the Values section, select the value that you want to delete.

3. In the Properties pane, click Delete for the value that you want to delete.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Delete multiple values from a values list

1. Go to the values list you want to update.

Global:
a. From the menu bar, click .
b. Under Application Builder, click Global Values Lists.
c. Select a values list.

Field-Specific:
a. From the menu bar, click .
b. Under Application Builder, click Applications.
c. Select the application.
d. Click the Fields tab.
e. Select the Values List field.

Questionnaire:
a. From the menu bar, click .
b. Under Application Builder, click Questionnaires.
c. Select the questionnaire.
d. Click the Fields tab.
e. Select the Values List field.

2. Click the Values tab.

3. Export and delete values list values.

a. In the Values section, click Export > Save.

b. Delete values from the exported values list.

c. Save the revised XML file.

4. Add the revised XML file as follows:

a. On the Values tab, click Bulk Delete.

b. Click Add New.

c. Select the revised values list XML file.

d. Click Open.

e. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Functions and Operators

DATEADD Function
The DATEADD function increases or decreases a date/time value by a given number of date/time
units, such as days, hours or minutes.
Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer database. As a
result, dates and times in calculations are returned in GMT.

Important: DATEADD always considers time, even if the referenced Date field is not configured
to show time information. If a literal date string is supplied that does not contain time, midnight will
be assumed.

Return Type: Date with time


Syntax: DATEADD(datetime_unit, increment, datetime)
In the above syntax, parameters in bold are required.

Parameter Description

datetime_unit The date/time part that should be used as the interval for increasing or decreasing
the datetime parameter’s value. This parameter can be entered as DAY, HOUR or
MINUTE.

increment The number of date/time units that should be added to the datetime parameter’s
value. This parameter must be formatted as a positive or negative integer greater
than or equal to 1. (Decimal places are not supported.) If a positive number is
provided, the function adds the specified number of date/time units to the datetime
parameter’s value. If a negative number is provided, the function performs a
subtraction.

datetime The date/time value that should be increased or decreased by the specified number
of date/time units. This parameter should be formatted as a Date-field reference, for
example, [field name].

Examples:

Formula Result

DATEADD(DAY, 10, [First Published]) 8/20/2010 7:21 AM


where the value of First Published is 8/10/2010 7:21 AM

DATEADD(HOUR, 6, [First Published]) 8/10/2010 1:21 PM


where the value of First Published is 8/10/2010 7:21 AM

DATEADD(MINUTE, 30, [First Published]) 8/10/2010 7:51 AM


where the value of First Published is 8/10/2010 7:21 AM

DATEDIF Function
The DATEDIF function calculates the number of days between two dates.
Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer GRC database.
As a result, dates and times in calculations are returned in GMT.

Important: DATEDIF always considers time in the comparison, even if the referenced Date field is
not configured to show time information. If a literal date string is supplied that does not contain time,
midnight will be assumed.

Return Type: Numeric


Syntax: DATEDIF(start_date, end_date, datetime_unit)
In the above syntax, parameters in bold are required.

Parameter Description

start_date The starting date of the period. This date can be entered as a hard-coded value, for
example, 10/21/2010, or as a Date-field reference, for example, [date field name]. If
a hard-coded value is supplied, it must be wrapped in the DATETIMEVALUE
function. If time is supplied to DATETIMEVALUE in a date string, it must be in
24-hour clock format, for example, 14:25 represents 2:45 PM.

end_date The ending date of the period. This date can be entered as a hard-coded value (for
example, 10/21/2004) or as a Date-field reference (for example, [date field name]).
If a hard-coded value is supplied, it must be wrapped in the DATETIMEVALUE
function. If time is supplied to DATETIMEVALUE in a date string, it must be in
24-hour clock format, for example, 14:25 represents 2:45 PM.

datetime_unit The granularity of the time information to be returned. This parameter can be
entered as DAY, HOUR or MINUTE. If the datetime_unit parameter is omitted,
DAY will be assumed. If DAY is specified, the difference will be calculated based
on 24 hour periods, rather than the day portion of the date value.

Examples:

Formula Result

DATEDIF(DATETIMEVALUE("10/21/2010"), [First Published]) 36


where the value in the First Published field for the record is 11/26/2010.

DATEDIF([First Published], [Last Updated], DAY) 0


where the value in the First Published field for the record is 11/26/2010 11:59 PM and the
value in the Last Updated field is 11/27/2010 12:01 AM.
In this example, the day difference is zero (0) because the two dates are not 24 hours
apart.

DATEDIF([First Published], [Last Updated], HOUR) 50


where the value in the First Published field for the record is 10/1/2010 8:05 AM and the
value in the Last Updated field is 10/3/2010 10:32 AM.

DATEDIF([First Published], [Last Updated], MINUTE) 147


where the value in the First Published field for the record is 10/1/2010 8:05 AM and the
value in the Last Updated field is 10/1/2010 10:32 AM.

DATEFORMAT Function
The DATEFORMAT function returns the supplied date in the format specified by the date "mask."
Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer database. As a
result, dates and times in calculations are returned in GMT.

Important: DATEFORMAT always permits full date and time formatting for the given Date field,
even if that field is not configured to display time information.

Return Type: Text


Syntax: DATEFORMAT(date, date_mask)
In the above syntax, parameters in bold are required.

Parameter Description

date The starting date of the period. This date can be entered as a hard-coded value, for
example, 10/21/2010, or as a Date-field reference, for example, [field name].

date_mask The mask used for formatting the returned date. The date_mask parameter must be
enclosed in quotes.
Date masks used with the DATEFORMAT function can contain any combination of
the date elements.

The following table provides examples of possible date part combinations.

Date Mask Return Example

M-d-yy h:mm tt 8-2-10 9:30 AM

MM.dd.yyyy 08.02.2010

MMMM d, yyyy HH:mm August 2, 2010 09:30

yyyy-MM-dd 2010-08-02

MMddyy 080210

The following separator characters are supported for date masks:


• space

• forward slash (/)

• hyphen (-)

• period (.)

• comma (,)

• colon (:)

Examples:

Formula Result

DATEFORMAT([First Published], "M/d/yyyy h:mm tt") 8/20/2010 7:21 AM


where the date-time value of First Published is 8/20/2010 7:21 AM.

DATEFORMAT([Last Updated], "M/d/yyyy HH:mm") 12/19/2010 14:51


where the date-time value of Last Updated is 12/19/2010 2:51 PM.

DATEFORMAT(NOW(), "h:mm tt") 5:12 AM


where the date-time value of NOW( ) is 8/6/2010 5:12 AM.

DATEFORMAT([Start], "hh:mm t") 06:48 P


where the date-time value of Start is 9/19/2010 6:48 PM.

DATEFORMAT([Stop], "H") 19
where the date-time value of Stop is 4/8/2010 7:00 PM.

DATEFORMAT([Logged], "m") 57
where the date-time value of Logged is 12/29/2010 3:57 PM.

DATETIMEVALUE Function
The DATETIMEVALUE function converts a literal date/time string to a serial number. The serial
number represents the number of whole and partial days that have elapsed since January 1, 1900.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
database. As a result, dates and times in calculations are returned in GMT.

Return Type: Number (serial number representing date and time)


Syntax: DATETIMEVALUE(datetime_string)
This function only accepts dates in the US format (MM/DD/YYYY). In the above syntax,
parameters in bold are required.

Parameter Description

datetime_string The literal date/time string value to be converted. This cannot be a field
reference.

Examples:

Formula Result

DATETIMEVALUE("10/02/2010") 40453

DATETIMEVALUE("10/02/2010 01:50") 40453.08

DAY Function
The DAY function returns an integer between 1 and 31, which represents the day of the month for
the specified date value.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Numeric


Syntax: DAY(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the day of the month. This parameter
should be formatted as a Date-field reference, for example, [field name].

Example:

Formula Result

DAY([Logged]) 13
where the value in the Logged field is 7/13/2010 10:45 AM.

HOUR Function
The HOUR function returns an integer between 0 and 23, which represents the hour of the day for
the specified date value. Formula validation will fail for this function if the Time Information option
is not enabled for the Date field referenced in the date parameter.
Return Type: Numeric
Syntax: HOUR(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the hour of the day. This parameter
should be formatted as a Date-field reference, for example, [field name].

Example:

Formula Result

HOUR([Logged]) 14
where the value in the Logged field is 7/13/2006 2:45 PM.

MINUTE Function
The MINUTE function returns an integer between 0 and 59, which represents the minute of the hour
for the specified date value. Formula validation will fail for this function if the Time Information
option is not enabled for the Date field referenced in the date parameter.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Numeric


Syntax: MINUTE(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the minute of the hour. This parameter
should be formatted as a Date-field reference, for example, [field name].

Examples:

Formula Result

MINUTE([Logged]) 45
where the value in the Logged field is 7/13/2006 2:45 PM.

MINUTE([Patch Date]) 0
where the Patch Date field is a Date field that is not configured to accept time entry.

MONTH Function
The MONTH function returns an integer between 1 and 12, which represents the month of the year
for the specified date value.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Numeric


Syntax: MONTH(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the month of the year. This parameter
should be formatted as a Date-field reference, for example, [field name].

Example:

Formula Result

MONTH([Logged]) 7
where the value in the Logged field is 7/13/2010 2:45 PM.

MONTHNAME Function
The MONTHNAME function returns the name of the month for the supplied date value. The return
value is the full name, not an abbreviation.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Numeric


Syntax: MONTHNAME(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the month of the year. This parameter
should be formatted as a Date-field reference, for example, [field name].

Example:

Formula Result

MONTHNAME([Due Date]) July


where the value in the Due Date field is 7/13/2010 2:45 PM.

NOW Function
The NOW function returns the current date/time. Each time a record is recalculated, the calculated
field displays an updated date/time value. The full timestamp is stored for the calculated Date field
even if the field is not configured to display time. If the Time Information option is later enabled for
the field, the time will be displayed as it was originally computed.
Internally, the NOW function returns a serial number that represents the number of whole and partial
days that have elapsed since January 1, 1900. From the user perspective, the value returned by the
NOW function displays differently depending on the type of field to which the value will be
returned.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Varies based upon the type of field receiving the return value. See the examples
below.
Syntax: NOW( )
This function does not have any parameters.
Examples:
For these examples, assume that the current date and time is October 2, 2010 at 1:46 a.m.

Field Type Formula Result

Numeric NOW( ) 40453.073611111

Date NOW( ) 10/02/2010 1:46 AM

Text DATEFORMAT(NOW( ),"M/d/yyyy h:mm tt") 10/02/2010 1:46 AM

QUARTER Function
The QUARTER function returns an integer between 1 and 4, which represents the calendar quarter
in which the specified date value falls.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Numeric


Syntax: QUARTER(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the calendar quarter. This parameter
should be formatted as a Date-field reference, for example, [field name].

Example:

Formula Result

QUARTER([Due Date]) 4
where the value in the Due Date field is 12/15/2010 8:00 PM.

TODAY Function
The TODAY function returns the date value for the current date. Each time a record is recalculated,
the calculated field will display an updated date.
Internally, the TODAY function returns a serial number that represents the number of whole days
that have elapsed since January 1, 1900. From the user perspective, the value returned by the
TODAY function will display differently depending on the type of field to which the value will be
returned.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Varies based upon the type of field receiving the return value. See the examples
below.
Syntax: TODAY( )
This function does not have any parameters.
Examples:
For these examples, assume that the current date and time is October 2, 2010 at 1:46 a.m.

Field Type Formula Result

Numeric TODAY( ) 40453

Date TODAY( ) 10/02/2010

Text DATEFORMAT(TODAY( ),"M/d/yyyy") 10/02/2010

WEEKDAY Function
The WEEKDAY function returns the day of the week for the supplied date value. The return value
is the full name, not an abbreviation.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Text


Syntax: WEEKDAY(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the day of the week. This parameter
should be formatted as a Date-field reference, for example, [field name].

Example:

Formula Result

WEEKDAY([Due Date]) Wednesday


where the value in the Due Date field is 12/15/2010 8:00 p.m.

WEEKNUMBER Function
The WEEKNUMBER function returns a number that indicates the week in which a given date falls
for a calendar year beginning on January 1.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Numeric


Syntax: WEEKNUMBER(date, week_start)
In the above syntax, parameters in bold are required.

Parameter Description

date The date value to be evaluated in determining the day of the week. This parameter
should be formatted as a Date-field reference, for example, [field name].

week_start Accepts the keyword SUNDAY or MONDAY to specify whether weeks should be
treated as beginning on Sunday or on Monday.
If no value is passed for this parameter, SUNDAY will be assumed.

Examples:

Formula Result

WEEKNUMBER([Due Date]) 38
where the value in the Due Date field is 9/14/2008 (a Sunday).

WEEKNUMBER ([Due Date], SUNDAY) 38


where the value in the Due Date field is 9/14/2008 (a Sunday).

WEEKNUMBER ([Due Date], MONDAY) 37


where the value in the Due Date field is 9/14/2008 (a Sunday).
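The results documented for DATETIMEVALUE, DATEADD, DATEDIF and WEEKNUMBER can be reproduced with a short Python model, added here as an illustration and not RSA code. The function names, the 1899-12-30 day-zero constant and the to_gmt helper are assumptions chosen so that the model matches the examples in this guide.

```python
from datetime import datetime, timedelta

# Assumption: day zero is chosen so that 10/02/2010 maps to 40453, the serial
# number this guide shows for DATETIMEVALUE("10/02/2010").
SERIAL_EPOCH = datetime(1899, 12, 30)
UNITS = {
    "DAY": timedelta(days=1),
    "HOUR": timedelta(hours=1),
    "MINUTE": timedelta(minutes=1),
}


def to_gmt(local, utc_offset_hours):
    """Convert a local wall-clock time to the GMT value used in calculations."""
    return local - timedelta(hours=utc_offset_hours)


def datetimevalue(text):
    """Model of DATETIMEVALUE: US-format literal with an optional 24-hour time."""
    for fmt in ("%m/%d/%Y %H:%M", "%m/%d/%Y"):  # no time part means midnight
        try:
            parsed = datetime.strptime(text, fmt)
        except ValueError:
            continue
        return (parsed - SERIAL_EPOCH) / timedelta(days=1)
    raise ValueError(f"not a MM/DD/YYYY date string: {text!r}")


def dateadd(unit, increment, value):
    """Model of DATEADD: whole units only; a negative increment subtracts."""
    if not isinstance(increment, int):
        raise TypeError("increment must be an integer")
    return value + increment * UNITS[unit]


def datedif(start, end, unit="DAY"):
    """Model of DATEDIF: number of complete units between two timestamps.

    DAY counts full 24-hour periods, not calendar-date changes. The model
    covers end >= start; the guide does not describe negative differences.
    """
    return (end - start) // UNITS[unit]


def weeknumber(value, week_start="SUNDAY"):
    """Model of WEEKNUMBER: week 1 is the week that contains January 1."""
    jan1 = value.replace(month=1, day=1)
    # Position of January 1 inside its week, counted from the chosen start day.
    offset = (jan1.weekday() + 1) % 7 if week_start == "SUNDAY" else jan1.weekday()
    return (value.timetuple().tm_yday - 1 + offset) // 7 + 1


if __name__ == "__main__":
    # Two timestamps two minutes apart across midnight: zero full days.
    first = datetime(2010, 11, 26, 23, 59)
    last = datetime(2010, 11, 27, 0, 1)
    print("DATEDIF DAY:", datedif(first, last, "DAY"))
    print("DATEDIF MINUTE:", datedif(first, last, "MINUTE"))

    # Constructed case: 8:30 PM entered in a UTC-6 zone is already the next
    # calendar day in GMT, so a DAY() calculation sees 27, not 26.
    stored = to_gmt(datetime(2010, 11, 26, 20, 30), utc_offset_hours=-6)
    print("Stored (GMT):", stored, "day of month:", stored.day)

    print("Serial:", datetimevalue("10/02/2010 01:50"))
    print("Week (Sunday start):", weeknumber(datetime(2008, 9, 14)))
    print("Week (Monday start):", weeknumber(datetime(2008, 9, 14), "MONDAY"))
```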

YEAR Function
The YEAR function returns the year corresponding to a date.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the RSA Archer
GRC database. As a result, dates and times in calculations are returned in GMT.

Return Type: Numeric


Syntax: YEAR(date)
In the above syntax, parameters in bold are required.

Parameter Description

date The date of the year that you want to find. This parameter can be entered as a hard-
coded date value, for example, "1/2/2010" or as a date-field reference, for example,
[date field name].

Example:

Formula Result

YEAR([First Published]) 2010


where the value in the First Published field is 11/26/2010.

DB Function
The DB function returns the depreciation of an asset for a specified period using the fixed-declining
balance method.
Return Type: Numeric
Syntax: DB(cost,salvage,life,period,month)
In the above syntax, parameters in bold are required.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the salvage value of the
asset).

life The number of periods over which the asset is being depreciated (sometimes called
the useful life of the asset).

period The period for which you want to calculate the depreciation. Period must use the
same units as life.

month The number of months in the first year. If month is omitted, it is assumed to be 12.

Examples:

Formula: DB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Month])
where the value in the Initial Cost field is 1,000,000, the value in the Salvage Value field is 100,000, the value in the Lifetime in Years field is 6, the value in the Period in Years field is 1, and the value in the Month field is 7.
Result: Depreciation in first year, with only 7 months calculated (186,083.33)

Formula: DB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Month])
where the value in the Initial Cost field is 1,000,000, the value in the Salvage Value field is 100,000, the value in the Lifetime in Years field is 6, the value in the Period in Years field is 2, and the value in the Month field is 7.
Result: Depreciation in second year (259,639.42)

Formula: DB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Month])
where the value in the Initial Cost field is 1,000,000, the value in the Salvage Value field is 100,000, the value in the Lifetime in Years field is 6, the value in the Period in Years field is 3, and the value in the Month field is 7.
Result: Depreciation in third year (176,814.44)

Formula: DB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Month])
where the value in the Initial Cost field is 1,000,000, the value in the Salvage Value field is 100,000, the value in the Lifetime in Years field is 6, the value in the Period in Years field is 4, and the value in the Month field is 7.
Result: Depreciation in fourth year (120,410.64)

Formula: DB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Month])
where the value in the Initial Cost field is 1,000,000, the value in the Salvage Value field is 100,000, the value in the Lifetime in Years field is 6, the value in the Period in Years field is 5, and the value in the Month field is 7.
Result: Depreciation in fifth year (81,999.64)

Formula: DB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Month])
where the value in the Initial Cost field is 1,000,000, the value in the Salvage Value field is 100,000, the value in the Lifetime in Years field is 6, the value in the Period in Years field is 6, and the value in the Month field is 7.
Result: Depreciation in sixth year (55,841.76)

Formula: DB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Month])
where the value in the Initial Cost field is 1,000,000, the value in the Salvage Value field is 100,000, the value in the Lifetime in Years field is 6, the value in the Period in Years field is 7, and the value in the Month field is 7.
Result: Depreciation in seventh year, with only 5 months calculated (15,845.10)

DDB Function
The DDB function returns the depreciation of an asset for a specified period using the double-
declining balance method or some other method that you specify. The double-declining balance
method computes depreciation at an accelerated rate. Depreciation is highest in the first period and
decreases in successive periods. DDB uses the following formula to calculate depreciation for a
period:
Min( (cost - total depreciation from prior periods) * (factor/life), (cost - salvage - total depreciation from prior periods) )
Use the VDB function to switch to the straight-line depreciation method when depreciation is
greater than the declining balance calculation.
Return Type: Numeric. The results are rounded to two decimal places.
Syntax: DDB(cost,salvage,life,period,factor)

In the above syntax, parameters in bold are required.

Parameter Description

cost The initial cost of the asset. Must be a positive number.

salvage The value at the end of the depreciation (sometimes called the salvage value of the
asset). This value can be 0. Must be a positive number.

life The number of periods over which the asset is being depreciated (sometimes called
the useful life of the asset). Must be a positive number.

period The period for which you want to calculate the depreciation. Period must use the
same units as life. Must be a positive number.

factor The rate at which the balance declines. If factor is omitted, it is assumed to be 2
(the double-declining balance method). Change factor if you do not want to use the
double-declining balance method. Must be a positive number.

Examples:

Formula: DDB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years])
where the value in the Initial Cost field is 2400, the value in the Salvage Value field is 300, the value in the Lifetime in Years field is 10, and the value in the Period in Years field is 1.
Result: First day depreciation. Archer automatically assumes that factor is 2. (1.32)

Formula: DDB([Initial Cost],[Salvage Value],[Lifetime in Months],[Period in Months],[Factor])
where the value in the Initial Cost field is 2400, the value in the Salvage Value field is 300, the value in the Lifetime in Years field is 120, the value in the Period in Years field is 1, and the value in the Factor field is 2.
Result: First month depreciation (40.00)

Formula: DDB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Factor])
where the value in the Initial Cost field is 2400, the value in the Salvage Value field is 300, the value in the Lifetime in Years field is 10, the value in the Period in Years field is 1, and the value in the Factor field is 2.
Result: First year depreciation (480.00)

Formula: DDB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years],[Factor])
where the value in the Initial Cost field is 2400, the value in the Salvage Value field is 300, the value in the Lifetime in Years field is 10, the value in the Period in Years field is 2, and the value in the Factor field is 1.5.
Result: Second year depreciation using a factor of 1.5 instead of the double-declining balance method (306.00)

Formula: DDB([Initial Cost],[Salvage Value],[Lifetime in Years],[Period in Years])
where the value in the Initial Cost field is 2400, the value in the Salvage Value field is 300, the value in the Lifetime in Years field is 10, and the value in the Period in Years field is 10.
Result: Tenth year depreciation. Archer automatically assumes that factor is 2 (22.12)
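The DDB formula quoted above can be replayed period by period to see where the salvage cap takes over. This is an added example, not Archer's implementation; the function names and the salvage range check are assumptions made here, and the first-day figure is reproduced with life expressed in days (10*365) because period must use the same units as life.

```python
"""Double-declining balance depreciation, built from the DDB formula above."""


def ddb_schedule(cost, salvage, life, periods, factor=2.0):
    """Return the unrounded depreciation amounts for periods 1..periods.

    Each period applies the formula quoted in the DDB description:
        min((cost - prior) * (factor / life), cost - salvage - prior)
    where prior is the total depreciation taken in earlier periods.
    """
    for name, value in (("cost", cost), ("life", life), ("factor", factor)):
        if value <= 0:
            raise ValueError(f"{name} must be a positive number")
    # Assumption of this example: salvage lies between 0 and cost.
    if not 0 <= salvage <= cost:
        raise ValueError("salvage must be between 0 and cost")
    if periods != int(periods) or not 1 <= periods <= life:
        raise ValueError("period must be a whole number from 1 to life")

    amounts, prior = [], 0.0
    for _ in range(int(periods)):
        declining = (cost - prior) * (factor / life)
        headroom = cost - salvage - prior  # never depreciate below salvage
        amount = min(declining, headroom)
        amounts.append(amount)
        prior += amount
    return amounts


def ddb(cost, salvage, life, period, factor=2.0):
    """Depreciation for a single period, rounded to two decimal places."""
    return round(ddb_schedule(cost, salvage, life, period, factor)[-1], 2)


def book_value(cost, salvage, life, period, factor=2.0):
    """Book value that remains after the given number of periods."""
    return cost - sum(ddb_schedule(cost, salvage, life, period, factor))


if __name__ == "__main__":
    # Inputs taken from the examples on this page.
    print("first year      :", ddb(2400, 300, 10, 1, 2))
    print("second, f=1.5   :", ddb(2400, 300, 10, 2, 1.5))
    print("tenth year      :", ddb(2400, 300, 10, 10))
    print("first month     :", ddb(2400, 300, 120, 1, 2))
    # Life in days (10*365) is an assumption made here, see the lead-in.
    print("first day       :", ddb(2400, 300, 10 * 365, 1))
    print("value after 10y :", round(book_value(2400, 300, 10, 10), 2))
```

In the tenth year the declining-balance term alone would be 64.42, so the second argument of Min is what keeps the book value from dropping below the salvage value of 300.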

FV Function
The FV function returns the future value of an investment based on periodic, constant payments and
a constant interest rate.
Return Type: Numeric
Syntax: FV(rate,nper,pmt,pv,type)
In the above syntax, parameters in bold are required.

Parameter Description

rate The interest rate per period.

nper The total number of payment periods in an annuity.

pmt The payment made each period; it cannot change over the life of the annuity.
Typically, pmt contains principal and interest but no other fees or taxes. If pmt is
omitted, you must include the pv argument.

pv The present value, or the lump-sum amount that a series of future payments is worth
right now. If pv is omitted, it is assumed to be 0 (zero), and you must include the
pmt argument.

type The number 0 or 1 and indicates when payments are due. If type is omitted, it is
assumed to be 0.
- Set type equal to 0 if payments are due at the end of the period.
- Set type equal to 1 if payments are due at the beginning of the period.

Note: Be consistent about the units that you use for specifying rate and nper. If you make monthly
payments on a four-year loan at 12 percent annual interest, use 12%/12 for rate and 4*12 for nper. If
you make annual payments on the same loan, use 12% for rate and 4 for nper.

For all of the arguments, cash you pay out, such as deposits to savings, is represented by negative
numbers; cash you receive, such as dividend checks, is represented by positive numbers.
Examples:

Formula: FV([Annual Rate],[Number of Payments],[Payment Amount],[Present Value],[Payment Due Indicator])
where the value in the Annual Rate field is .06/12, the value in the Number of Payments field is 10, the value in the Payment Amount field is -200, the value in the Present Value field is -500, and the value in the Payment Due Indicator field is 1.
The annual interest rate is divided by 12 because it is compounded monthly.
Result: Future value of an investment with the given terms (2581.40)

Formula: FV([Annual Rate],[Number of Payments],[Payment Amount])
where the value in the Annual Rate field is .12/12, the value in the Number of Payments field is 12, and the value in the Payment Amount field is -1000.
The annual interest rate is divided by 12 because it is compounded monthly.
Result: Future value of an investment with the given terms (12,682.50)

Formula: FV([Annual Rate],[Number of Payments],[Payment Amount], ,[Payment Due Indicator])
where the value in the Annual Rate field is .11/12, the value in the Number of Payments field is 35, the value in the Payment Amount field is -2000, and the value in the Payment Due Indicator field is 1.
The annual interest rate is divided by 12 because it is compounded monthly.
Result: Future value of an investment with the given terms (82,846.25)

Formula: FV([Annual Rate],[Number of Payments],[Payment Amount],[Present Value],[Payment Due Indicator])
where the value in the Annual Rate field is .06/12, the value in the Number of Payments field is 12, the value in the Payment Amount field is -100, the value in the Present Value field is -1000, and the value in the Payment Due Indicator field is 1.
The annual interest rate is divided by 12 because it is compounded monthly.
Result: Future value of an investment with the above terms (2301.40)

Chapter 5: Fields 331


RSA Archer GRC Administrator Guide

IPMT Function
The IPMT function returns the interest payment for a given period for an investment based on
periodic, constant payments, and a constant interest rate.
Return Type: Numeric
Syntax: IPMT(rate,per,nper,pv,fv,type)
In the above syntax, parameters in bold are required.

Parameter Description

rate The interest rate per period.

per The period for which you want to find the interest and must be in the range 1 to
nper.

nper The total number of payment periods in an annuity.


For all of the arguments, cash you pay out, such as deposits to savings, is
represented by negative numbers; cash you receive, such as dividend checks, is
represented by positive numbers.

pv The present value, or the lump-sum amount that a series of future payments is worth
right now.
For all of the arguments, cash you pay out, such as deposits to savings, is
represented by negative numbers; cash you receive, such as dividend checks, is
represented by positive numbers.

fv The future value, or a cash balance you want to attain after the last payment is
made. If fv is omitted, it is assumed to be 0 (the future value of a loan, for example,
is 0).

type The number 0 or 1 and indicates when payments are due. If type is omitted, it is
assumed to be 0.
- Set type equal to 0 if payments are due at the end of the period.
- Set type equal to 1 if payments are due at the beginning of the period.

Note: Make sure that you are consistent about the units that you use for specifying rate and nper. If
you make monthly payments on a four-year loan at 12 percent annual interest, use 12%/12 for rate
and 4*12 for nper. If you make annual payments on the same loan, use 12% for rate and 4 for nper.

Examples:

Formula: IPMT([Rate],[Period],[Years of Loan],[Present Value])
where the value in the Rate field is .10/12, the value in the Period field is 1, the value in the Years of Loan field is 3*12, and the value in the Present Value field is 8000.
The interest rate is divided by 12 to get a monthly rate. The years the money is paid out is multiplied by 12 to get the number of payments.
Result: Interest due in the first month for a loan with the terms given (-66.67)

Formula: IPMT([Rate],[Period],[Years of Loan],[Present Value])
where the value in the Rate field is .10, the value in the Period field is 3, the value in the Years of Loan field is 3, and the value in the Present Value field is 8000.
Result: Interest due in the last year for a loan with the terms given, where payments are made yearly (-292.45)

IRR Function
The IRR function returns the internal rate of return for a series of cash flows represented by the
numbers in values. These cash flows do not have to be even, as they would be for an annuity.
However, the cash flows must occur at regular intervals, such as monthly or annually. The internal
rate of return is the interest rate received for an investment consisting of payments (negative values)
and income (positive values) that occur at regular periods.
Return Type: Numeric
Syntax: IRR(values,guess)
In the above syntax, parameters in bold are required.

Parameter Description

values A reference (using the REF function) to fields that contain numbers for which you
want to calculate the internal rate of return. Note the following:
- Values must contain at least one positive value and one negative value to calculate the internal rate of return.
- IRR uses the order of values to interpret the order of cash flows. Be sure to enter your payment and income values in the sequence you want.
- If a reference field contains text, logical values, or empty cells, those values are ignored.

guess A number that you guess is close to the result of IRR. Note the following:
- Archer uses an iterative technique for calculating IRR. Starting with guess, IRR cycles through the calculation until the result is accurate within 0.00001 percent. If IRR cannot find a result that works after 20 tries, an error value is returned.
- In most cases you do not need to provide guess for the IRR calculation. If guess is omitted, it is assumed to be 0.1 (10 percent).
- If the result is not close to what you expected, try again with a different value for guess.

IRR is closely related to NPV, the net present value function. The rate of return calculated by IRR
is the interest rate corresponding to a 0 (zero) net present value. The following formula demonstrates
how NPV and IRR are related:
NPV(IRR(B1:B6),B1:B6)
equals 3.60E-08 [Within the accuracy of the IRR calculation, the value 3.60E-08 is effectively 0
(zero).]
Examples:

Formula: IRR(REF([Related Yearly Results],[Net Income]))
where Related Yearly Results is a cross-reference field to another application. The other application has a field called Net Income which contains the values -70,000, 12,000, 15,000, 18,000, 21,000 and 26,000.
Result: Investment internal rate of return after five years (-2%).

Formula: IRR(REF([Related Yearly Results],[Net Income]),[Guess])
where Related Yearly Results is a cross-reference field to another application. The other application has a field called Net Income which contains the values -70,000, 12,000 and 15,000, and the value in the Guess field is 0.10.
Result: To calculate the internal rate of return after two years, you need to include a guess (-44%).

ISPMT Function
The ISPMT function calculates the interest paid during a specific period of an investment. This
function is provided for compatibility with Lotus 1-2-3.
For additional information about financial functions, see the PV function.
Return Type: Numeric
Syntax: ISPMT(rate,per,nper,pv)

In the above syntax, parameters in bold are required.

Parameter Description

rate The interest rate for the investment.

per The period for which you want to find the interest and must be in the range 1 to
nper.

nper The total number of payment periods in an annuity.


Make sure that you are consistent about the units that you use for specifying rate and
nper. If you make monthly payments on a four-year loan at an annual interest rate of
12 percent, use 12%/12 for rate and 4*12 for nper. If you make annual payments on
the same loan, use 12% for rate and 4 for nper.

pv The present value of the investment. For a loan, pv is the loan amount.
The cash that you pay out, such as deposits to savings or other withdrawals, is
represented by negative numbers; the cash that you receive, such as dividend checks
and other deposits, is represented by positive numbers.

Examples:

Formula: ISPMT([Rate],[Period],[Number of Years],[Loan Amount])
where the value in the Rate field is 0.10/12, the value in the Period field is 1, the value in the Number of Years field is 3*12, and the value in the Loan Amount field is 8,000,000.
The interest rate is divided by 12 to get a monthly rate. The years the money is paid out is multiplied by 12 to get the number of payments.
Result: Interest paid for the first monthly payment of a loan with the given terms (-64814.8)

Formula: ISPMT([Rate],[Period],[Number of Years],[Loan Amount])
where the value in the Rate field is 0.10, the value in the Period field is 1, the value in the Number of Years field is 3, and the value in the Loan Amount field is 8,000,000.
Result: Interest paid in the first year of a loan with the given terms (-533333)

MIRR Function
The MIRR function returns the modified internal rate of return for a series of periodic cash flows.
MIRR considers both the cost of the investment and the interest received on reinvestment of cash.
MIRR uses the order of values to interpret the order of cash flows. Be sure to enter your payment
and income values in the sequence that you want and with the correct signs (positive values for cash
received, negative values for cash paid).
Return Type: Numeric

Syntax: MIRR(values,finance_rate,reinvest_rate)
In the above syntax, parameters in bold are required.

Parameter Description

values A reference (using the REF function) to fields that contain numbers. These numbers
represent a series of payments (negative values) and income (positive values)
occurring at regular periods. Note that:
- Values must contain at least one positive value and one negative value to calculate the modified internal rate of return. Otherwise, MIRR returns an error value.
- If a reference argument contains text, logical values, or empty cells, those values are ignored; however, cells with the value zero are included.

finance_rate The interest rate that you pay on the money used in the cash flows.

reinvest_rate The interest rate that you receive on the cash flows as you reinvest them.

Example:

Formula: MIRR(REF([Related Results],0.10,0.12))
where Related Yearly Results is a cross-reference field to another application. The other application has a field called Net Income which contains the values -120,000, 39,000, 30,000, 21,000, 37,000 and 46,000.
Result: Investment modified rate of return after five years (13%)

NPER Function
The NPER function returns the number of periods for an investment based on periodic, constant
payments and a constant interest rate.
For a more complete description of the arguments in NPER and for more information about annuity
functions, see the PV function.
Return Type: Numeric
Syntax: NPER(rate, pmt, pv, fv, type)
In the above syntax, parameters in bold are required.

Parameter Description

rate The interest rate per period.

pmt The payment made each period; it cannot change over the life of the annuity.
Typically, pmt contains principal and interest but no other fees or taxes.

pv The present value, or the lump-sum amount that a series of future payments is worth
right now.

fv The future value, or a cash balance that you want to attain after the last payment is
made. If fv is omitted, it is assumed to be 0 (the future value of a loan, for example,
is 0).

type The number 0 or 1 and indicates when payments are due.
- Set type equal to 0 or omitted if payments are due at the end of the period.
- Set type equal to 1 if payments are due at the beginning of the period.

Examples:

Formula: NPER([Rate],[Payment],[Present Value],[Future Value],[Payment Due])
where the value in the Rate field is 0.12/12, the value in the Payment field is -100, the value in the Present Value field is -1000, the value in the Future Value field is 10000, and the value in the Payment Due field is 1.
Result: Periods for the investment with the given terms (60)

Formula: NPER([Rate],[Payment],[Present Value],[Future Value])
where the value in the Rate field is 0.12/12, the value in the Payment field is -100, the value in the Present Value field is -1000, and the value in the Future Value field is 10000.
Result: Periods for the investment with the given terms, except payments are made at the beginning of the period (60)

Formula: NPER([Rate],[Payment],[Present Value])
where the value in the Rate field is 0.12/12, the value in the Payment field is -100, and the value in the Present Value field is -1000.
Result: Periods for the investment with the given terms, except with a future value of 0 (-9.578)

NPV Function
The NPV function calculates the net present value of an investment using a discount rate and a
series of future payments (negative values) and income (positive values).

The NPV investment begins one period before the date of the value1 cash flow and ends with the
last cash flow in the list. The NPV calculation is based on future cash flows. If your first cash flow
occurs at the beginning of the first period, the first value must be added to the NPV result, not
included in the values arguments.
NPV is similar to the PV function (present value). The primary difference between PV and NPV is
that PV allows cash flows to begin either at the end or at the beginning of the period. Unlike the
variable NPV cash flow values, PV cash flows must be constant throughout the investment. For
information about annuities and financial functions, see the PV function.
NPV is also related to the IRR function (internal rate of return). IRR is the rate for which NPV
equals zero: NPV(IRR(...), ...) = 0. See the IRR function.
Return Type: Numeric
Syntax: NPV(rate,value1,value2, ...)
In the above syntax, parameters in bold are required.

Parameter Description

rate The rate of discount over the length of one period.

value1,value2,... 1 to 254 arguments representing the payments and income. Note that:
- Value1, value2, ... must be equally spaced in time and occur at the end of each period.
- NPV uses the order of value1, value2, ... to interpret the order of cash flows. Be sure to enter your payment and income values in the correct sequence.
- Arguments that are numbers, empty cells, logical values, or text representations of numbers are counted; arguments that are error values or text that cannot be translated into numbers are ignored.
- If an argument is a reference, only numbers in that reference are counted. Empty cells, logical values, or text in the reference are ignored.

Examples:

Formula: NPV([Rate],[Values])
where the value in the Rate field is 0.10 and the values in the Values field are -10,000, 3,000, 4,200 and 6,800.
Result: Net present value of this investment (1,188.44)
In this example, you include the initial $10,000 cost as one of the values, because the payment occurs at the end of the first period.

Formula: NPV([Rate],[Values]) + (-40,000)
where the value in the Rate field is 0.08 and the values in the Values field are 8,000, 9,200, 10,000, 12,000 and 14,500.
Result: Net present value of this investment (1,922.06)
In this example, you do not include the initial $40,000 cost as one of the values, because the payment occurs at the beginning of the first period.

Formula: NPV([Rate],[Values],-9,000) + (-40,000)
where the value in the Rate field is 0.08 and the values in the Values field are 8,000, 9,200, 10,000, 12,000 and 14,500.
Result: Net present value of this investment, with a loss in the sixth year of 9000 (-3,749.47)
In this example, you do not include the initial $40,000 cost as one of the values, because the payment occurs at the beginning of the first period.
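The NPV timing convention and the IRR search described in the two sections above can be checked with a short script. This is an added example, not Archer's code: the function names are chosen here, Newton's method stands in for the iterative technique that the guide does not name, and the 20-try cap, the default guess of 0.1 and the 0.00001 percent tolerance are taken from the IRR description.

```python
"""NPV with the guide's timing convention, plus an IRR search built on it."""


class NoConvergence(ArithmeticError):
    """Raised when the rate search does not settle within the allowed tries."""


def npv(rate, values):
    """Discount cash flows that fall at the END of periods 1, 2, 3, ..."""
    return sum(v / (1.0 + rate) ** (i + 1) for i, v in enumerate(values))


def _numbers_only(values):
    """Drop text, logical values and empty cells, as the IRR section states."""
    return [v for v in values
            if isinstance(v, (int, float)) and not isinstance(v, bool)]


def irr(values, guess=0.1, tolerance=1e-7, max_tries=20):
    """Return the rate at which npv(rate, values) is zero.

    tolerance=1e-7 is 0.00001 percent written as a fraction. Newton's method
    is an assumption of this example, not a documented Archer detail.
    """
    flows = _numbers_only(values)
    if not (any(v > 0 for v in flows) and any(v < 0 for v in flows)):
        raise ValueError("need at least one positive and one negative value")
    rate = guess
    for _ in range(max_tries):
        # Derivative of npv() with respect to rate.
        slope = sum(-(i + 1) * v / (1.0 + rate) ** (i + 2)
                    for i, v in enumerate(flows))
        if slope == 0:
            break
        new_rate = rate - npv(rate, flows) / slope
        if new_rate <= -1.0:
            break  # stepped outside the range where discounting is defined
        if abs(new_rate - rate) < tolerance:
            return new_rate
        rate = new_rate
    raise NoConvergence(f"no result after {max_tries} tries from guess {guess}")


if __name__ == "__main__":
    # Cash flows from the NPV examples on this page.
    end_of_period = [-10000, 3000, 4200, 6800]
    later_income = [8000, 9200, 10000, 12000, 14500]

    # Initial cost paid at the end of period 1: it is one of the values.
    print(round(npv(0.10, end_of_period), 2))
    # Initial cost paid at the start of period 1: added outside NPV.
    print(round(npv(0.08, later_income) + (-40000), 2))
    print(round(npv(0.08, later_income + [-9000]) + (-40000), 2))

    # IRR is the rate that drives NPV to zero for the same series.
    rate = irr(end_of_period)
    print(round(rate, 4), abs(npv(rate, end_of_period)) < 1e-6)
```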

PMT Function
The PMT function calculates the payment for a loan based on constant payments and a constant
interest rate. The payment returned by PMT includes principal and interest but no taxes, reserve
payments, or fees sometimes associated with loans.

Note: To find the total amount paid over the duration of the loan, multiply the returned PMT value by
nper.

Return Type: Numeric


Syntax: PMT(rate,nper,pv,fv,type)
In the above syntax, parameters in bold are required.

Parameter Description

rate The interest rate for the loan.

nper The total number of payment periods for the loan.

pv The present value, or the total amount that a series of future payments is worth now;
also known as the principal.

fv The future value, or a cash balance you want to attain after the last payment is
made. If fv is omitted, it is assumed to be 0 (zero), that is, the future value of a loan
is 0.

type The number 0 or 1 and indicates when payments are due. If type is omitted, it is
assumed to be 0.
- Set type equal to 0 or omitted if payments are due at the end of the period.
- Set type equal to 1 if payments are due at the beginning of the period.

Note: Make sure that you are consistent about the units you use for specifying rate and nper. If you
make monthly payments on a four-year loan at an annual interest rate of 12 percent, use 12%/12 for
rate and 4*12 for nper. If you make annual payments on the same loan, use 12 percent for rate and 4
for nper.

Examples:

Formula: PMT([Rate],[Number of Payments],[Amount of Loan])
where the value in the Rate field is 0.08/12, the value in the Number of Payments field is 10, and the value in the Amount of Loan field is 10000.
Result: Monthly payment for a loan with the given terms (-1,037.03)

Formula: PMT([Rate],[Number of Payments],[Amount of Loan],[Future Value],1)
where the value in the Rate field is 0.08/12, the value in the Number of Payments field is 10, the value in the Amount of Loan field is 10000, and the value in the Future Value field is 0.
Result: Monthly payment for a loan with the given terms, except payments are due at the beginning of the period (-1,030.16)

Formula: PMT([Rate],[Years to Save],[Present Value],[Goal Amount])
where the value in the Rate field is 0.06/12, the value in the Years to Save field is 18*12, the value in the Present Value field is 0, and the value in the Goal Amount field is 50000.
Result: Amount to save each month to have 50,000 at the end of 18 years (-129.08)
Note: The interest rate is divided by 12 to get a monthly rate. The number of years the money is paid out is multiplied by 12 to get the number of payments.

PPMT Function
The PPMT function returns the payment on the principal for a given period for an investment based
on periodic, constant payments and a constant interest rate.
Return Type: Numeric
Syntax: PPMT(rate,per,nper,pv,fv,type)
In the above syntax, parameters in bold are required.

Parameter Description

rate The interest rate for the period.

per Specifies the period and must be in the range 1 to nper.

nper The total number of payment periods in an annuity.

pv The present value, that is, the total amount that a series of future payments is worth now.

fv The future value, or a cash balance you want to attain after the last payment is
made. If fv is omitted, it is assumed to be 0 (zero), that is, the future value of a loan
is 0.

type The number 0 or 1 and indicates when payments are due. If type is omitted, it is
assumed to be 0.
- Set type equal to 0 or omitted if payments are due at the end of the period.
- Set type equal to 1 if payments are due at the beginning of the period.

Note: Make sure that you are consistent about the units that you use for specifying rate and nper. If
you make monthly payments on a four-year loan at an annual interest rate of 12 percent, use 12%/12
for rate and 4*12 for nper. If you make annual payments on the same loan, use 12% for rate and 4
for nper.

Examples:

Formula: PPMT([Rate],[Period],[Number of Years of Loan],[Amount of Loan])
where the value in the Rate field is 0.10/12, the value in the Period field is 1, the value in the Number of Years of Loan field is 2*12, and the value in the Amount of Loan field is 2000.
Result: Payment on principal for the first month of loan (-75.62)
Note: The interest rate is divided by 12 to get a monthly rate. The number of years the money is paid out is multiplied by 12 to get the number of payments.

Formula: PPMT([Rate],[Period],[Number of Years of Loan],[Amount of Loan])
where the value in the Rate field is 0.08, the value in the Period field is 10, the value in the Number of Years of Loan field is 10, and the value in the Amount of Loan field is 200,000.
Result: Principal payment for the last year of the loan with the given terms (-27,598.05)

PV Function
The PV function returns the present value of an investment. The present value is the total amount
that a series of future payments is worth now. For example, when you borrow money, the loan
amount is the present value to the lender.

Note: Make sure that you are consistent about the units you use for specifying rate and nper. If you
make monthly payments on a four-year loan at 12 percent annual interest, use 12%/12 for rate and
4*12 for nper. If you make annual payments on the same loan, use 12% for rate and 4 for nper.

The following functions apply to annuities:
- FV
- IPMT
- PMT
- PPMT
- PV
- RATE

An annuity is a series of constant cash payments made over a continuous period. For example, a car
loan or a mortgage is an annuity. For more information, see the description for each annuity function.
In annuity functions, cash you pay out, such as a deposit to savings, is represented by a negative
number; cash you receive, such as a dividend check, is represented by a positive number. For
example, a $1,000 deposit to the bank would be represented by the argument -1000 if you are the
depositor and by the argument 1000 if you are the bank.
Return Type: Numeric
Syntax: PV(rate,nper,pmt,fv,type)
In the above syntax, parameters in bold are required.

Parameter Description

rate The interest rate per period. For example, if you obtain an automobile loan at a 10
percent annual interest rate and make monthly payments, your interest rate per
month is 10%/12, or 0.83%. You would enter 10%/12, or 0.83%, or 0.0083, into the
formula as the rate.

nper The total number of payment periods in an annuity. For example, if you get a four-
year car loan and make monthly payments, your loan has 4*12 (or 48) periods. You
would enter 48 into the formula for nper.

pmt The payment made each period and cannot change over the life of the annuity.
Typically, pmt includes principal and interest but no other fees or taxes. For
example, the monthly payments on a $10,000, four-year car loan at 12 percent are
$263.33. You would enter -263.33 into the formula as the pmt. If pmt is omitted, you
must include the fv argument.

fv The future value, or a cash balance you want to attain after the last payment is
made. If fv is omitted, it is assumed to be 0 (the future value of a loan, for example,
is 0). For example, if you want to save $50,000 to pay for a special project in 18
years, then $50,000 is the future value. You could then make a conservative guess at
an interest rate and determine how much you must save each month. If fv is omitted,
you must include the pmt argument.

type The number 0 or 1 and indicates when payments are due. If type is omitted, it is
assumed to be 0.
- Set type equal to 0 or omitted if payments are due at the end of the period.
- Set type equal to 1 if payments are due at the beginning of the period.

Example:

Formula: PV([Rate],[Years Money Will Pay],[Payment], ,0)
where the value in the Rate field is 0.08/12, the value in the Years Money Will Pay field is 20*12, and the value in the Payment field is 500.
Result: Present value of an annuity with the terms above (-59,777.15).
The result is negative because it represents money that you would pay, an outgoing cash flow. If you are asked to pay (60,000) for the annuity, you would determine this would not be a good investment because the present value of the annuity (59,777.15) is less than what you are asked to pay.
Note: The interest rate is divided by 12 to get a monthly rate. The years the money is paid out is multiplied by 12 to get the number of payments.

RATE Function
The RATE function returns the interest rate per period of an annuity. RATE is calculated by
iteration and can have zero or more solutions. If the successive results of RATE do not converge to
within 0.0000001 after 20 iterations, RATE returns an error.
Return Type: Numeric
Syntax: RATE(nper,pmt,pv,fv,type,guess)
In the above syntax, parameters in bold are required.

Parameter Description

nper The total number of payment periods in an annuity.

Note: Make sure that you are consistent about the units you use for specifying guess
and nper. If you make monthly payments on a four-year loan at 12 percent annual
interest, use 12%/12 for guess and 4*12 for nper. If you make annual payments on
the same loan, use 12% for guess and 4 for nper.

pmt The payment made each period; it cannot change over the life of the annuity.
Typically, pmt includes principal and interest but no other fees or taxes. If pmt is
omitted, you must include the fv argument.

pv The present value — the total amount that a series of future payments is worth now.

fv The future value, or a cash balance you want to attain after the last payment is
made. If fv is omitted, it is assumed to be 0 (the future value of a loan, for example,
is 0).

type The number 0 or 1, indicating when payments are due. If type is omitted, it is
assumed to be 0.
• Set type equal to 0, or omit it, if payments are due at the end of the period.
• Set type equal to 1 if payments are due at the beginning of the period.

guess Your guess for what the rate will be.
If you omit guess, it is assumed to be 10 percent.
If RATE does not converge, try different values for guess. RATE usually converges
if guess is between 0 and 1.

Note: Make sure that you are consistent about the units that you use for specifying
guess and nper. If you make monthly payments on a four-year loan at 12 percent
annual interest, use 12%/12 for guess and 4*12 for nper. If you make annual
payments on the same loan, use 12% for guess and 4 for nper.

Examples:

Formula Result

RATE([Years of Loan],[Monthly Payment],[Amount of Loan]) Monthly rate of the loan with the given terms (1%)
where the value in the Years of Loan field is 4*12, the value in the Monthly Payment field is -200, and the value in the Amount of Loan field is 8000.

RATE([Years of Loan],[Monthly Payment],[Amount of Loan])*12 Annual rate of the loan with the given terms (0.09241767 or 9.24%)
where the value in the Years of Loan field is 4*12, the value in the Monthly Payment field is -200, and the value in the Amount of Loan field is 8000.
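
The iteration limit and convergence threshold described for RATE, worked through as an added Python example (not code from RSA Archer). Newton's method and the names rate and annuity_balance are assumptions; the guide does not say which iteration the platform uses.

```python
TOLERANCE = 0.0000001   # convergence threshold quoted in the guide
MAX_ITERATIONS = 20     # iteration limit quoted in the guide


def annuity_balance(r, nper, pmt, pv, fv, when):
    """Return (f, df/dr) for f(r) = pv*(1+r)^n + pmt*(1+r*when)*((1+r)^n - 1)/r + fv."""
    if abs(r) < 1e-12:
        # Limits as r -> 0, where the closed form would divide by zero.
        growth, d_growth = 1.0, float(nper)
        series, d_series = float(nper), nper * (nper - 1) / 2.0
    else:
        growth = (1.0 + r) ** nper
        d_growth = nper * (1.0 + r) ** (nper - 1)
        series = (growth - 1.0) / r
        d_series = (d_growth * r - (growth - 1.0)) / (r * r)
    value = pv * growth + pmt * (1.0 + r * when) * series + fv
    slope = pv * d_growth + pmt * (when * series + (1.0 + r * when) * d_series)
    return value, slope


def rate(nper, pmt, pv, fv=0.0, when=0, guess=0.10):
    """Solve the annuity equation for the per-period rate.

    Raises ValueError when successive estimates are not within TOLERANCE
    after MAX_ITERATIONS, mirroring the error the guide describes.
    """
    r = guess
    for _ in range(MAX_ITERATIONS):
        try:
            value, slope = annuity_balance(r, nper, pmt, pv, fv, when)
            r_next = r - value / slope
        except (ZeroDivisionError, OverflowError):
            break  # flat or exploding step: treat as non-convergence
        if abs(r_next - r) < TOLERANCE:
            return r_next
        r = r_next
    raise ValueError("RATE did not converge; try a different guess")


if __name__ == "__main__":
    monthly = rate(4 * 12, -200, 8000)      # loan example from the guide
    print(f"monthly {monthly:.6f}  annual {monthly * 12:.8f}")
    try:
        rate(2, 100, 1000)                   # constructed input with no real solution
    except ValueError as err:
        print("error:", err)
```

The constructed second call has payment and present value with the same sign, so no rate balances the equation and the solver reports the error instead of returning a misleading number.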

SLN Function
The SLN function returns the straight-line depreciation of an asset for one period.
Return Type: Numeric
Syntax: SLN(cost,salvage,life)
In the above syntax, parameters in bold are required.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the salvage value of the
asset).

life The number of periods over which the asset is depreciated (sometimes called the
useful life of the asset).

Example:

Formula Result

SLN([Cost],[Salvage Value],[Years of Useful Life]) The depreciation allowance for each year (2,250)
where the value in the Cost field is 30,000, the value in the Salvage Value field is 7,500, and the value in the Years of Useful Life field is 10.

SYD Function
The SYD function returns the sum-of-years' digits depreciation of an asset for a specified period.
Return Type: Numeric
Syntax: SYD(cost,salvage,life,per)
In the above syntax, parameters in bold are required.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the salvage value of the
asset).

life The number of periods over which the asset is depreciated (sometimes called the
useful life of the asset).

per The period; it must use the same units as life.

Examples:

Formula Result

SYD([Initial Cost],[Salvage Value],[Lifespan in Years],1) Yearly depreciation allowance for the first year (4,090.91)
where the value in the Initial Cost field is 30,000, the value in the Salvage Value field is 7,500, and the value in the Lifespan in Years field is 10.

SYD([Initial Cost],[Salvage Value],[Lifespan in Years],10) Yearly depreciation allowance for the tenth year (409.09)
where the value in the Initial Cost field is 30,000, the value in the Salvage Value field is 7,500, and the value in the Lifespan in Years field is 10.

VDB Function
The VDB function returns the variable declining balance of an asset for a specified period, including
partial periods. This function uses the double-declining balance method, or another method if you
specify.
Return Type: Numeric
Syntax: VDB(cost,salvage,life,start_period,end_period,factor,no_switch)
In the above syntax, parameters in bold are required.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the salvage value of the
asset).

life The number of periods over which the asset is depreciated (sometimes called the
useful life of the asset).

start_period The starting period for which you want to calculate the depreciation.

Note: The start_period must have the same units as the life parameter.

end_period The ending period for which you want to calculate the depreciation.

Note: The end_period must have the same units as the life parameter.

factor The rate at which the balance declines. If no factor is specified, the function will
assume a value of 2 (the double-declining balance method).

no_switch A logical value specifying whether to switch to straight-line depreciation when
depreciation is greater than the declining balance calculation.
If the value is "TRUE" the function will not switch to straight-line depreciation. If
the value is "FALSE" the function will switch to straight-line depreciation when the
depreciation is greater than the declining balance calculation.

Examples:

Formula Result

VDB([Cost],[Salvage Value],[Years of Useful Life],0,1) 6000. This is the first year depreciation.
where the value in the Cost field is 30,000, the value in the Salvage Value field is 7,500, and the value in the Years of Useful Life field is 10.

VDB([Cost],[Salvage Value],[Years of Useful Life],2,3) 3840. This is the depreciation between years two and three.
where the value in the Cost field is 30,000, the value in the Salvage Value field is 7,500, and the value in the Years of Useful Life field is 10.

AND Function
The AND function evaluates logical conditions. If all of its conditions are TRUE, the function will
return TRUE. If one or more of its conditions is FALSE, the function will return FALSE. The AND
function must be used in conjunction with an IF function.
Return Type: TRUE or FALSE
Syntax: AND(logical1, logical2,...)
In the above syntax, parameters in bold are required.

Parameter Description

logical1, logical2, and so on Conditions that can be evaluated to TRUE or FALSE. This condition can be written
with any comparison operator (=, <, >, <=, >=, <>). An example of how this
parameter might be formatted is [Field 1]>20.

Examples:

Formula Result

IF(AND([Age] > 1, [Age] < 50)) TRUE
where the value in the Age field is 35.

IF(AND([Severity] = 10, [Impact] > 7)) FALSE
where the value in the Severity field is 10 and the value in the Impact field is 3.

IF Function
The IF function evaluates a logical condition, and if the condition is TRUE, one value is returned. If
the condition is FALSE, another value is returned. The IF function can also be nested to construct
more elaborate tests, as shown in the following example:
IF([Rating]>15,"A", IF([Rating]>10,"B", IF([Rating]>5,"C")))
For more information on nesting IF functions, see the fourth example in the "Examples" section
below.
Return Type: Text, numeric, date or a Values List field selection, depending on the type of data
supplied for the value_if_true and value_if_false parameters
Syntax: IF(logical_test, value_if_true, value_if_false)
In the above syntax, parameters in bold are required.

Parameter Description

logical_test Any condition that can be evaluated to TRUE or FALSE. This condition can be
written with any comparison operator (=, <, >, <=, >=, <>). An example of how this
parameter might be formatted is [Field 1]>20.

value_if_true The value that is returned if the logical_test parameter is TRUE. This parameter can
be formatted as a text string, such as "High Risk", or as a Values List field
selection, such as VALUEOF("Urgent"). The parameter can also be formatted as
another formula, such as SUM([Field 1],[Field 2]).

value_if_false The value that is returned if the logical_test parameter is FALSE. This parameter
can be formatted as a text string, such as "Low Risk", or as a Values List field
selection, such as VALUEOF("Not Urgent"). The parameter can also be formatted
as another formula, such as SUM([Field 1],[Field 3]). If this parameter is omitted
from the formula and the logical_test parameter evaluates to FALSE, the calculated
field will return empty (no value).

Examples:

Formula Result

IF([Days Since Last Virus Scan] > 1, "High risk", "Low risk") High risk
where the value in the Days Since Last Virus Scan field is 3.

IF([Rating] = 10, "Follow up") The field will return empty.
where the value in the Rating field is 7.

IF([Severity] >= 10, VALUEOF("Urgent"), VALUEOF("Not Urgent")) Urgent
where the value in the Severity field is 10.

IF([Rating] > 15, "A", IF([Rating] > 10, "B", IF([Rating] > 5, "C"))) B
where the value in the Rating field is 12.

Note: In this example of nested IF statements, the second IF statement serves as the
value_if_false parameter to the first IF statement, and the third IF statement serves as
the value_if_false parameter to the second IF statement. Because the value of the Rating
field in this example is 12, the first IF statement does not prove TRUE, so the second IF
statement is evaluated and, in this case, proves TRUE. If the value of the Rating field
were 8, the second IF statement would also prove FALSE, and the third IF statement
would be evaluated.

NOT Function
The NOT function evaluates a logical condition. If the condition is TRUE, the function returns the
value of FALSE. If the condition is FALSE, the function returns the value of TRUE. Use the NOT
function when you want to ensure that a value is not equal to one particular value.
Return Type: TRUE or FALSE
Syntax: NOT(logical_test)
In the above syntax, parameters in bold are required.

Parameter Description

logical_test Any condition that can be evaluated to TRUE or FALSE. This condition can be
written with any comparison operator (=, <, >, <=, >=, <>). An example of how this
parameter might be formatted is [Field 1]>20.

Examples:

Formula Result

NOT([Rating] = 10) FALSE
where the value in the Rating field is 10.

NOT([Number of Clients in Attendance] > 20) TRUE
where the value in the Number of Clients in Attendance field is 12.

OR Function
The OR function evaluates logical conditions. If any of the conditions evaluates to TRUE, the
function returns the value of TRUE. If none of the conditions evaluates to TRUE, the function returns the
value of FALSE.
Return Type: TRUE or FALSE
Syntax: OR(logical1, logical2,...)
In the above syntax, parameters in bold are required.

Parameter Description

logical1, logical2, and so on Conditions that can be evaluated to TRUE or FALSE. This condition can be written
with any comparison operator (=, <, >, <=, >=, <>). An example of how this
parameter might be formatted is [Field 1]>20.

Examples:

Formula Result

OR([Risk] = 4, [Criticality] = 7) True (because one of the two parameters evaluated TRUE)
where the value in the Risk field is 4 and the value in the Criticality field is 2.

OR([Risk] = 4, [Criticality] = 7) False (because both of the parameters evaluated FALSE)
where the value in the Risk field is 9 and the value in the Criticality field is 5.

ABS Function
The ABS function returns the absolute value of a number. The absolute value of a number is the
distance of a number from zero.
Return Type: Numeric
Syntax: ABS(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The number for which you want to return the absolute value.

Examples:

Formula Result

ABS(-8) 8

ABS([Yearly Profit]) 1234
where Yearly Profit is a Numeric field with a value of -1234.

ACOS Function
The ACOS function returns the arccosine (inverse cosine) of an angle. The returned value is
expressed in radians.
Return Type: Numeric
Syntax: ACOS(number)
In the above syntax, parameters in bold are required.

Parameter Description

Number The cosine of the angle for which you want to determine the arccosine. The value
for this parameter must be between -1 and 1.

Examples:

Formula Result

ACOS(.5) 1.047198

ACOS([Angle Cosine]) .785398
where Angle Cosine is a Numeric field with a value of .707107.

ACOSH Function
The ACOSH function returns the inverse hyperbolic cosine of a number.
Return Type: Numeric
Syntax: ACOSH(number)
In the above syntax, parameters in bold are required.

Parameter Description

Number The number for which you want to determine the inverse hyperbolic cosine. The
value for this parameter must be greater than or equal to 1.

Examples:

Formula Result

ACOSH(1) 0

ACOSH([Number]) 2.292432
where Number is a Numeric field with a value of 5.

ASIN Function
The ASIN function returns the arcsine (inverse sine) of an angle. The returned value is expressed in
radians.
Return Type: Numeric
Syntax: ASIN(number)
In the above syntax, parameters in bold are required.

Parameter Description

Number The sine of the angle for which you want to determine the arcsine. The value for
this parameter must be between -1 and 1.

Examples:

Formula Result

ASIN(.5) .523599

ASIN([Angle Sine]) 1.570796
where Angle Sine is a Numeric field with a value of 1.

ASINH Function
The ASINH function returns the inverse hyperbolic sine of a number.
Return Type: Numeric
Syntax: ASINH(number)
In the above syntax, parameters in bold are required.

Parameter Description

Number The number for which you want to determine the inverse hyperbolic sine. The value
for this parameter must be greater than or equal to 1.

Examples:

Formula Result

ASINH(1) .881374

ASINH([Number]) 2.312438
where Number is a Numeric field with a value of 5.

ATAN Function
The ATAN function returns the arctangent (inverse tangent) of an angle. The returned value is
expressed in radians.
Return Type: Numeric
Syntax: ATAN(number)
In the above syntax, parameters in bold are required.

Parameter Description

Number The tangent of the angle for which you want to determine the arctangent.

Examples:

Formula Result

ATAN(.5) .463648

ATAN([Angle Tangent]) .785398
where Angle Tangent is a Numeric field with a value of 1.

ATAN2 Function
The ATAN2 function returns the arctangent (inverse tangent) of a specified set of x/y coordinates.
The returned value is expressed in radians.
Return Type: Numeric
Syntax: ATAN2(x_number, y_number)
In the above syntax, parameters in bold are required.

Parameter Description

x_number The x coordinate of a point.

y_number The y coordinate of a point.

Examples:

Formula Result

ATAN2(2,2) .785398

ATAN2([X Point],[Y Point]) 1.373401
where X Point and Y Point are Numeric fields with values of 1 and 5, respectively.

ATANH Function
The ATANH function returns the inverse hyperbolic tangent of a number.
Return Type: Numeric
Syntax: ATANH(number)
In the above syntax, parameters in bold are required.

Parameter Description

Number The number for which you want to determine the inverse hyperbolic tangent. The
value for this parameter must be between -1 and 1.

Examples:

Formula Result

ATANH(.5) .549306

ATANH([Number]) -.25541
where Number is a Numeric field with a value of -.25.

CEILING Function
The CEILING function rounds a number, away from zero, to the nearest multiple of significance.
Return Type: Numeric
Syntax: CEILING(number, significance)
In the above syntax, parameters in bold are required.

Parameter Description

number The number you want to round. This parameter can be formatted as a Numeric-field
reference (e.g., [field name]) or as another formula that results in a numeric value,
such as SUM([field 1],[field 2]) where field 1 and field 2 are Numeric fields.

significance The multiple to which you want to round.

Example:

Formula Result

CEILING([Score], 1) 3
where the value in the Score field is 2.5

CEILING(SUM([Risk],[Criticality]), 5) 20
where the sum of the values in the Risk and Criticality fields is 17.10

COMBIN Function
The COMBIN function returns the number of combinations for a given number of items. Use
COMBIN to determine the total possible number of groups for a given number of items.

Note: A combination is any set or subset of items, regardless of their internal order. Combinations
are distinct from permutations, for which the internal order is significant.

Return Type: Numeric
Syntax: COMBIN(number,number_chosen)
In the above syntax, parameters in bold are required.

Parameter Description

number The number of items. Numeric arguments are truncated to integers.

Note: If nonnumeric, if number < 0 or if number < number_chosen, COMBIN
returns an error.

number_chosen The number of items in each combination. Numeric arguments are truncated to
integers.

Note: If nonnumeric, if number_chosen < 0 or if number < number_chosen,
COMBIN returns an error.

Example:

Formula Result

COMBIN([Candidates],[Team Size]) 28
where the value in the Candidates field is 8 and the value in the Team Size field is 2.

COS Function
The COS function returns the cosine of the given angle.
Return Type: Numeric
Syntax: COS(number)

In the above syntax, parameters in bold are required.

Parameter Description

number The angle in radians for which you want the cosine.
If the angle is in degrees, either multiply the angle by PI()/180 or use the RADIANS
function to convert the angle to radians.

Examples:

Formula Result

=COS(1.047) Cosine of 1.047 radians (0.500171)

=COS(60*PI()/180) Cosine of 60 degrees (0.5)

=COS(RADIANS(60)) Cosine of 60 degrees (0.5)

COSH Function
The COSH function returns the hyperbolic cosine of a number.
Return Type: Numeric
Syntax: COSH(number)
In the above syntax, parameters in bold are required.

Parameter Description

number Any real number for which you want to find the hyperbolic cosine.

Examples:

Formula Result

COSH(4) Hyperbolic cosine of 4 (27.30823)

=COSH(EXP(1)) Hyperbolic cosine of the base of the natural logarithm (7.610125)

DEGREES Function
The DEGREES function converts radians into degrees.
Return Type: Numeric
Syntax: DEGREES(angle)
In the above syntax, parameters in bold are required.

Parameter Description

angle The angle, in radians, that you want to convert.

Example:

Formula Result

DEGREES(PI()) Degrees of pi radians (180)

EVEN Function
The EVEN function returns the number rounded up to the nearest even integer. You can use this
function for processing items that come in twos. For example, a packing crate accepts rows of one
or two items. The crate is full when the number of items, rounded up to the nearest two, matches the
crate capacity.
Return Type: Numeric
Syntax: EVEN(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The value to round. If number is non-numeric, EVEN returns an error. Regardless of
the sign of number, a value is rounded up when adjusted away from zero. If number
is an even integer, no rounding occurs.

Examples:

Formula Result

EVEN(1.5) Rounds 1.5 up to the nearest even integer (2)

EVEN(3) Rounds 3 up to the nearest even integer (4)

EVEN(2) Rounds 2 up to the nearest even integer (2)

EVEN(-1) Rounds -1 up to the nearest even integer (-2)

EXP Function
The EXP function returns e raised to the power of number. The constant e equals 2.71828182845904,
the base of the natural logarithm.
Return Type: Numeric
Syntax: EXP(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The exponent applied to the base e. To calculate powers of other bases, use the
exponentiation operator (^). EXP is the inverse of LN, the natural logarithm of
number.

Examples:

Formula Result

EXP(1) Approximate value of e (2.718282)

EXP(2) Base of the natural logarithm e raised to the power of 2 (7.389056)

FACT Function
The FACT function returns the factorial of a number. The factorial of a number is equal to
1*2*3*...* number.
Return Type: Numeric
Syntax: FACT(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The non-negative number for which you want the factorial. If number is not an
integer, it is truncated.

Examples:

Formula Result

FACT(5) Factorial of 5, or 1*2*3*4*5 (120)

FACT(1.9) Factorial of the integer of 1.9 (1)

FACT(0) Factorial of 0 (1)

FACT(-1) Negative numbers return an error.

FACT(1) Factorial of 1 (1)

FLOOR Function
The FLOOR function rounds a number down toward zero, to the nearest multiple of significance.
Return Type: Numeric
Syntax: FLOOR(number, significance)
In the above syntax, parameters in bold are required.

Parameter Description

number The number that you want to round down to the nearest integer. This parameter can
be formatted as a Numeric-field reference, for example, [field name], or as another
formula that results in a numeric value, such as SUM([field 1],[field 2]) where field
1 and field 2 are Numeric fields.

significance The multiple to which you want to round.

Examples:

Formula Result

FLOOR([Score], 1) 2
where the value in the Score field is 2.5.

FLOOR(SUM([Risk], [Criticality]), 5) 15
where the sum of the values in the Risk and Criticality fields is 17.10.

INT Function
The INT function rounds a number down to the nearest integer.
Return Type: Numeric
Syntax: INT(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The real number you want to round down to an integer.

Examples:

Formula Result

INT(8.9) Rounds 8.9 down (8)

INT(-8.9) Rounds -8.9 down (-9)

LN Function
The LN function returns the natural logarithm of a number. Natural logarithms are based on the
constant e (2.71828182845904).
Return Type: Numeric
Syntax: LN(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The positive real number for which you want the natural logarithm. LN is the
inverse of the EXP function.

Examples:

Formula Result

LN(86) Natural logarithm of 86 (4.454347)

LN(2.7182818) Natural logarithm of the value of the constant e (1)

LN(EXP(3)) Natural logarithm of e raised to the power of 3 (3)

LOG Function
The LOG function returns the logarithm of a number to the base that you specify.
Return Type: Numeric
Syntax: LOG(number,base)
In the above syntax, parameters in bold are required.

Parameter Description

number The positive real number for which you want the logarithm.

base The base of the logarithm. If base is omitted, it is assumed to be 10.

Examples:

Formula Result

LOG(10) Logarithm of 10 (1)

LOG(8, 2) Logarithm of 8 with base 2 (3)

LOG(86, 2.7182818) Logarithm of 86 with base e (4.454347)

LOG10 Function
The LOG10 function returns the base-10 logarithm of a number.
Return Type: Numeric
Syntax: LOG10(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The positive real number for which you want the base-10 logarithm.

Examples:

Formula Result

LOG10(86) Base-10 logarithm of 86 (1.934498451)

LOG10(10) Base-10 logarithm of 10 (1)

LOG10(1E5) Base-10 logarithm of 1E5 (5)

LOG10(10^5) Base-10 logarithm of 10^5 (5)

MOD Function
The MOD function returns the remainder after number is divided by divisor. The result has the same
sign as divisor.
Return Type: Numeric
Syntax: MOD(number,divisor)
In the above syntax, parameters in bold are required.

Parameter Description

number The number for which you want to find the remainder.

divisor The number by which you want to divide the number.

Note: If divisor is 0, MOD returns an error.

Examples:

Formula Result

MOD(3,2) Remainder of 3/2 (1)

MOD(-3, 2) Remainder of -3/2. The sign is the same as divisor (1).

MOD(3, -2) Remainder of 3/-2. The sign is the same as divisor (-1).

MOD(-3, -2) Remainder of -3/-2. The sign is the same as divisor (-1).

ODD Function
The ODD function returns number rounded up to the nearest odd integer.
Return Type: Numeric
Syntax: ODD(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The value to round.

Note: If number is non-numeric, ODD returns an error. Regardless of the sign of
number, a value is rounded up when adjusted away from zero. If number is an odd
integer, no rounding occurs.

Examples:

Formula Result

ODD(1.5) Rounds 1.5 up to the nearest odd integer (3)

ODD(3) Rounds 3 up to the nearest odd integer (3)

ODD(2) Rounds 2 up to the nearest odd integer (3)

ODD(-1) Rounds -1 up to the nearest odd integer (-1)

ODD(-2) Rounds -2 up to the nearest odd integer (-3)

PI Function
The PI function returns the number 3.14159265358979, the mathematical constant pi, accurate to 15
digits.
Return Type: Numeric
Syntax: PI()
This function does not have any parameters.
Examples:

Formula Result

PI() Pi (3.14159265358979)

PI()/2 Pi/2 (1.570796327)

PI()*(3^2) Area of a circle, with the radius given (28.27433388)

POWER Function
The POWER function returns the result of a number raised to a power.

Note: The "^" operator can be used instead of POWER to indicate to what power the base number is
to be raised, such as in 5^2.

Return Type: Numeric
Syntax: POWER(number,power)

In the above syntax, parameters in bold are required.

Parameter Description

number The base number. It can be any real number.

power The exponent to which the base number is raised.

Examples:

Formula Result

POWER(5,2) 5 squared (25)

POWER(98.6,3.2) 98.6 raised to the power of 3.2 (2401077)

POWER(4,5/4) 4 raised to the power of 5/4 (5.656854)

PRODUCT Function
The PRODUCT function multiplies all the numbers given as arguments and returns the product. The
PRODUCT function is useful when you need to multiply many fields together.
Return Type: Numeric
Syntax: PRODUCT(number1,number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1 The number or range that you want to multiply.

Note: If an argument is a reference, only numbers in the reference are multiplied.
Empty fields, logical values, and text in the reference are ignored.

number2,... Additional numbers or ranges that you want to multiply, up to a maximum of 255
arguments.

Examples:

Formula Result

PRODUCT( REF( [Data Set], [Values])) 2250
where Data Set is a cross-reference field and the values in the Values field are 5, 15, and 30.

PRODUCT( REF( [Data Set], [Values]),2) 4500
where Data Set is a cross-reference field and the values in the Values field are 5, 15, and 30.

QUOTIENT Function
The QUOTIENT function returns the integer portion of a division by discarding the remainder.
Return Type: Numeric
Syntax: QUOTIENT(numerator, denominator)
In the above syntax, parameters in bold are required.

Parameter Description

numerator The number representing the dividend for a division operation.

denominator The number representing the divisor for a division operation.

Examples:

Formula Result

QUOTIENT (42, 5) 8
where 42 / 5 = 8.4.

QUOTIENT (11.5, 2.15) 5
where 11.5 / 2.15 = 5.348837209.

QUOTIENT (-33, 4.08) -8
where -33 / 4.08 = -8.088235294.

QUOTIENT ([Rating], [Rank]) 15
where the value of Rating is 92.68, the value of Rank is 6, and [Rating] / [Rank] = 15.44666667.

RADIANS Function
The RADIANS function converts degrees to radians.
Return Type: Numeric
Syntax: RADIANS(angle)
In the above syntax, parameters in bold are required.

Parameter Description

angle An angle in degrees that you want to convert.

Example:

Formula Result

RADIANS(270) 270 degrees as radians (4.712389 or 3π/2 radians)

RAND Function
The RAND function returns an evenly distributed random real number greater than or equal to 0 and
less than 1. A new random real number is returned every time the worksheet is calculated.
To generate a random real number between a and b, use:
RAND()*(b-a)+a
Return Type: Numeric
Syntax: RAND()
This function does not have any parameters.
Examples:

Formula Result

RAND() A random number between 0 and 1 (varies).

RAND()*100 A random number greater than or equal to 0 but less than 100 (varies).

ROUND Function
The ROUND function rounds a number to a specified number of digits.
Return Type: Numeric
Syntax: ROUND(number, num_digits)
In the above syntax, parameters in bold are required.

Parameter Description

number The number that you want to round. This parameter can be formatted as a Numeric-
field reference, for example, [field name], or as another formula that results in a
numeric value, such as SUM([field 1],[field 2]) where field 1 and field 2 are
Numeric fields.

num_digits Specifies the number of digits to which you want to round the number. If the
num_digits parameter is greater than 0 (zero), the number is rounded to the specified
number of decimal places. If the num_digits parameter is equal to 0, the number is
rounded to the nearest integer. If the num_digits parameter is less than 0, the number
is rounded to the left of the decimal point to the specified number of decimal places.
For example, if the num_digits parameter is -1 and the number is 101.5, the number
would be rounded to 100.

Note: In the case of a tie, the function rounds to the nearest even number. For
example, if the num_digits parameter is 0, 1.5 and 2.5 would both round to 2. If the
num_digits parameter is 2, 3.575 and 3.585 would both round to 3.58.

Examples:

Formula Result

ROUND([Score], 0) 23
where the value in the Score field is 23.357.

ROUND(SUM ([Risk], [Criticality]), 2) 17.08
where the value in the Risk field is 12.725 and the value in the Criticality field is 4.351.

ROUNDDOWN Function
The ROUNDDOWN function rounds a number down, toward zero. ROUNDDOWN behaves like
ROUND, except that it always rounds a number down.
Return Type: Numeric
Syntax: ROUNDDOWN(number,num_digits)
In the above syntax, parameters in bold are required.

Parameter Description

number Any real number that you want rounded down.

num_digits The number of digits to which you want to round the number.

Note: If num_digits is greater than 0 (zero), the number is rounded down to the
specified number of decimal places. If num_digits is 0, the number is rounded down
to the nearest integer. If num_digits is less than 0, the number is rounded down to
the left of the decimal point.

Examples:

Formula Result

ROUNDDOWN(3.2,0) Rounds 3.2 down to zero decimal places (3)

ROUNDDOWN(76.9,0) Rounds 76.9 down to zero decimal places (76)

ROUNDDOWN(3.14159,3) Rounds 3.14159 down to three decimal places (3.141)

ROUNDDOWN(-3.14159,1) Rounds -3.14159 down to one decimal place (-3.1)

ROUNDDOWN(31415.92654,-2) Rounds 31415.92654 down to 2 decimal places to the left of the decimal (31400)

ROUNDUP Function
The ROUNDUP function rounds a number up, away from 0 (zero). ROUNDUP behaves like
ROUND, except that it always rounds a number up.
Return Type: Numeric
Syntax: ROUNDUP(number,num_digits)
In the above syntax, parameters in bold are required.

Parameter Description

number Any real number that you want rounded up.

num_digits The number of digits to which you want to round the number.

Note: If num_digits is greater than 0 (zero), the number is rounded up to the
specified number of decimal places. If num_digits is 0, the number is rounded up to
the nearest integer. If num_digits is less than 0, the number is rounded up to the left
of the decimal point.

Examples:

Formula Result

ROUNDUP(3.2,0) Rounds 3.2 up to zero decimal places (4)

ROUNDUP(76.9,0) Rounds 76.9 up to zero decimal places (77)

ROUNDUP(3.14159, 3) Rounds 3.14159 up to three decimal places (3.142)

ROUNDUP(-3.14159, 1) Rounds -3.14159 up to one decimal place (-3.2)

ROUNDUP(31415.92654, -2) Rounds 31415.92654 up to 2 decimal places to the left of the decimal (31500)
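
ROUND, ROUNDDOWN, and ROUNDUP differ only in how they treat ties and in which direction they move, which matters when a rounded score is compared against a threshold. The following Python model is an added example, not RSA Archer code; the function names are hypothetical, and Decimal is used so that the tie cases from the ROUND note are exact.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN, ROUND_UP


def _quantize(number, num_digits, mode):
    # Decimal(str(x)) keeps the value as written, so 3.575 is an exact tie
    # instead of the nearest binary float.
    step = Decimal(1).scaleb(-num_digits)   # 2 -> 0.01, 0 -> 1, -2 -> 1E+2
    return Decimal(str(number)).quantize(step, rounding=mode)


def round_half_even(number, num_digits):
    """Model of ROUND as described: ties go to the nearest even digit."""
    return _quantize(number, num_digits, ROUND_HALF_EVEN)


def round_down(number, num_digits):
    """Model of ROUNDDOWN as described: always toward zero."""
    return _quantize(number, num_digits, ROUND_DOWN)


def round_up(number, num_digits):
    """Model of ROUNDUP as described: always away from zero."""
    return _quantize(number, num_digits, ROUND_UP)


def compare(number, num_digits):
    """Return all three results side by side to show where they diverge."""
    return {
        "ROUND": round_half_even(number, num_digits),
        "ROUNDDOWN": round_down(number, num_digits),
        "ROUNDUP": round_up(number, num_digits),
    }


if __name__ == "__main__":
    # Inputs taken from the notes and example tables in this section.
    samples = [(2.5, 0), (3.585, 2), (-3.14159, 1), (31415.92654, -2), (101.5, -1)]
    for number, digits in samples:
        print(number, digits, compare(number, digits))
```
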


SIGN Function
The SIGN function determines the sign of a number. The function returns 1 if the number is positive,
zero (0) if the number is 0, and -1 if the number is negative.
Return Type: Numeric
Syntax: SIGN(number)
In the above syntax, parameters in bold are required.

Parameter Description

number Any real number.

Examples:

Formula Result

SIGN(10) Sign of a positive number (1)

SIGN(4-4) Sign of zero (0)

SIGN(-0.00001) Sign of a negative number (-1)

SIN Function
The SIN function returns the sine of a given angle.
Return Type: Numeric
Syntax: SIN(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The angle in radians for which you want the sine.

Note: If your argument is in degrees, multiply it by PI()/180 or use the RADIANS
function to convert it to radians.

Examples:

Formula Result

SIN(PI()) Sine of pi radians (0, approximately)

SIN(PI()/2) Sine of pi/2 radians (1)

SIN(30*PI()/180) Sine of 30 degrees (0.5)

SIN(RADIANS(30)) Sine of 30 degrees (0.5)


SINH Function
The SINH function returns the hyperbolic sine of a number.
Return Type: Numeric
Syntax: SINH(number)
In the above syntax, parameters in bold are required.

Parameter Description

number Any real number.

Examples:

Formula Result

SINH(1) Hyperbolic sine of 1 (1.175201194)

SINH(-1) Hyperbolic sine of -1 (-1.175201194)

You can use the hyperbolic sine function to approximate a cumulative probability distribution.
Suppose a laboratory test value varies between 0 and 10 seconds. An empirical analysis of the collected
history of experiments shows that the probability of obtaining a result, x, of less than t seconds is
approximated by the following equation:
P(x<t) = 2.868 * SINH(0.0342 * t), where 0<t<10
To calculate the probability of obtaining a result of less than 1.03 seconds, substitute 1.03 for t.

Formula Result

2.868*SINH(0.0342*1.03) Probability of obtaining a result of less than 1.03 seconds (0.101049063).
You can expect this result to occur about 101 times for every 1000
experiments.

SQRT Function
The SQRT function returns a positive square root.
Return Type: Numeric
Syntax: SQRT(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The number for which you want the square root.

Note: If number is negative, SQRT returns an error.

Example:


Formula Result

SQRT(16) Square root of 16 (4)

SUM Function
The SUM function adds all of the numbers in the specified parameters. If the SUM function
references a multi-selection values list, it can be used with the SELECTED function to return the
sum of the numeric values for each of the currently selected items.
Return Type: Numeric
Syntax: SUM(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2, ... Parameters for which you want the total value. These parameters can be entered as
hard-coded values, for example, 2, or Numeric-field references, for example, [field
name]. Referenced fields can reside within the application or within Sub-Form,
Cross-Reference, or Related Records fields.

Examples:

Formula Result

SUM(3, [Risk]) 15
where the value in the Risk field is 12.

SUM([Risk], [Criticality]) 19
where the value in the Risk field is 12 and the value in the Criticality field is 7.

SUM(REF([Orders],[Price])) 202.94
where the values in the Price field within the Orders sub-form are 120.00, 50.19, and
32.75.

SUM(SELECTEDVALUENUMBER([Key Factors])) 25
where Key Factors is a multi-selection Values List field and the numeric values of the
current selections are 3, 8, 4, and 10.

SUMIF Function
The SUMIF function sums the values of a specified Numeric field across all records in a Sub-Form,
Cross-Reference, Related Records, or Scheduler field that contain a specific value in a given field.
For example, you can return the sum of all Price field values across all cross-referenced records in
which the Status field is set to “Shipped.”
Return Type: Numeric

Syntax: SUMIF(eval_field_ref, criterion, sum_field_ref)


In the above syntax, parameters in bold are required.

Parameter Description

eval_field_ref The reference to the field against which the criterion will be evaluated.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref will also act as the
field to sum.

criterion The test that will be performed against eval_field_ref to determine whether a given
record will be qualified for the sum operation. The criterion can involve Values List,
User/Groups List, and Record Permissions fields as well as fields containing
numeric, text, and date type values.
• Values Lists. If eval_field_ref is a Values List field, enclose the criterion value
in VALUEOF or supply it as a quoted literal string, for example, "Dallas".

• User/Groups List and Record Permissions Fields. If eval_field_ref is a
User/Groups List or Record Permissions field, enclose the criterion value in
USER or GROUP (as appropriate for the criterion).

• Text, Numeric, or Date Fields. If eval_field_ref is a Text, Numeric, or Date
field, the criterion must be enclosed in quotes, for example, ">56", and the
criterion can involve any of the supported comparison operators (=, <, >, <=, >=,
<>).

Note: The evaluation will always result in no matches if there is a space between
the operator and the test value. For example, if the intent is to sum a given Numeric
field across all sub-form records where another given field contains a numeric
value greater than 56, a space cannot appear in the formula between the ">" and the
"56".

If a function is used in the criterion, the function must be concatenated to the
comparison operator. For example, the proper criterion syntax for specifying
"greater than today" would be:
">"&TODAY( )
The criterion parameter supports the use of literal dates or a date value derived from
the TODAY function. If a literal date string is specified, it must be wrapped in a
DATETIMEVALUE function.

sum_field_ref The reference to a Numeric field that will be summed across all qualified records.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref will also act as the
field to sum.

Examples:

Formula Result

SUMIF(REF([Cases], [Status]), VALUEOF(REF([Cases], [Status]), "Open"),REF([Cases], [Time Spent])) 832
where:
• The name of the Cross-Reference field is Cases.

• The Status Values List field contains the values to be evaluated.

• The criterion for matching on the Status field is the selection “Open”.

• Time Spent is a Numeric field containing the numeric values to be summed.

• The sum of Time Spent across all “Open” cases is 832 minutes.

SUMIF(REF([Items], [Line Item Cost]), ">5.99",REF([Items], [Line Total])) 2378.10
where:
• The name of the Sub-Form field is Items.

• The Line Item Cost Numeric field in the related sub-form contains the data to be
evaluated.

• The criterion for matching on Line Item Cost is values greater than 5.99.

• Line Total is a Numeric field containing the numeric values to be summed.

• The sum of Line Total across all sub-form records where Line Item Cost is greater
than 5.99 is 2378.10.


SUMIF(REF([Properties], [Sale Price]), ">=150000") 2654887
where:
• The name of the Cross-Reference field is Properties.

• The Sale Price Numeric field in the related application contains the data to be
evaluated.

• The criterion for matching on Sale Price is values greater than or equal to 150000.

• The sum of Sale Price across all related records where Line Item Cost is greater than
or equal to 150000 is 1654887.

Note: In this example, the sum_field_ref is not passed to SUMIF. As a result, the
system will use Sale Price for evaluation purposes and for summing.

SUMIF(REF([Properties], [Sale Date]), ">="&DATETIMEVALUE("7/1/2008"),REF([Properties], [Sale Price])) 1299000
where:
• The name of the Cross-Reference field is Properties.

• The Sale Date field in the related application contains the data to be evaluated.

• The criterion for matching on Sale Date is dates greater than or equal to 7/1/2008.

• Sale Price is a Numeric field containing the numeric values to be summed.

• The sum of Sale Price across all related records where Sale Date is greater than or
equal to 7/1/2008 is 1299000.
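
Per the criterion notes above, a space after the operator makes the evaluation match nothing, which is easy to miss when reviewing a calculated field. The following Python check is an added example, not part of RSA Archer; the function names and finding codes are hypothetical, and it inspects formula text for the criterion mistakes those notes describe.

```python
import re

# Comparison operators the guide lists for SUMIF criteria; two-character
# operators come first so ">=" is not read as ">" followed by "=".
OPERATORS = ("<=", ">=", "<>", "=", "<", ">")
DATE_LIKE = re.compile(r"^\d{1,2}/\d{1,2}/\d{2,4}\b")
FUNC_LIKE = re.compile(r"^[A-Z][A-Z0-9_]*\(")          # heuristic: NAME( right after the operator
QUOTED = re.compile(r'^"([^"]*)"\s*(?:&\s*(.+))?$', re.S)


def split_args(body):
    """Split argument text on top-level commas, honouring quotes, () and []."""
    args, cur, depth, in_str = [], [], 0, False
    for ch in body:
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            if ch in "([":
                depth += 1
            elif ch in ")]":
                depth -= 1
            elif ch == "," and depth == 0:
                args.append("".join(cur).strip())
                cur = []
                continue
        cur.append(ch)
    args.append("".join(cur).strip())
    return args


def sumif_criteria(formula):
    """Return the criterion (second argument) of every SUMIF call in formula."""
    found = []
    for m in re.finditer(r"\bSUMIF\s*\(", formula, re.I):
        depth, in_str, i = 1, False, m.end()
        while i < len(formula) and depth:
            ch = formula[i]
            if ch == '"':
                in_str = not in_str
            elif not in_str:
                depth += (ch == "(") - (ch == ")")
            i += 1
        if depth:            # unbalanced parentheses: nothing reliable to check
            continue
        args = split_args(formula[m.end():i - 1])
        if len(args) >= 2:
            found.append(args[1])
    return found


def check_criterion(criterion):
    """Return finding codes for one criterion expression."""
    m = QUOTED.match(criterion)
    if not m:                # VALUEOF(...), USER(...), GROUP(...): no quoted test
        return []
    literal = m.group(1)
    op = next((o for o in OPERATORS if literal.startswith(o)), "")
    value = literal[len(op):]
    findings = []
    if op and value != value.lstrip():
        findings.append("space-after-operator")       # always yields no matches
    value = value.strip()
    if op and FUNC_LIKE.match(value):
        findings.append("function-inside-quotes")     # must be joined with &
    if DATE_LIKE.match(value):
        findings.append("date-literal-not-wrapped")   # needs DATETIMEVALUE
    return findings


def lint(formula):
    """Map each problematic SUMIF criterion in formula to its findings."""
    return {c: f for c in sumif_criteria(formula) if (f := check_criterion(c))}


if __name__ == "__main__":
    # First formula is from the examples above; the other two are constructed
    # variants that contain the mistakes the notes warn about.
    for formula in [
        'SUMIF(REF([Items], [Line Item Cost]), ">5.99",REF([Items], [Line Total]))',
        'SUMIF(REF([Items], [Line Item Cost]), "> 5.99",REF([Items], [Line Total]))',
        'SUMIF(REF([Properties], [Sale Date]), ">=7/1/2008",REF([Properties], [Sale Price]))',
    ]:
        print(lint(formula) or "ok", "<-", formula)
```
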

SUMPRODUCT Function
The SUMPRODUCT function multiplies corresponding components in the given sets of fields, and
returns the sum of those products.
Return Type: Numeric
Syntax: SUMPRODUCT(values1,values2,values3, ...)
In the above syntax, parameters in bold are required.


Parameter Description

values1, values2, values3, ... 2 to 255 sets of values whose components you want to multiply and then add.

Note: The respective arguments must have the same dimensions. If they do not,
SUMPRODUCT returns an error. SUMPRODUCT treats field entries that are not
numeric as if they were zeros.

Example:

Formula Result

SUMPRODUCT(REF([Data Set],[Values1]),REF([Data Set],[Values2])) Multiplies all the components of the two
arrays and then adds the products — that is, 3*2 + 4*7 + 8*6 + 6*7 + 1*5 + 9*3. (156)
where Data Set is a cross-reference field and the values in the Values1 field are 3, 4, 8, 6, 1, and 9,
and the values in the Values2 field are 2, 7, 6, 7, 5, and 3.

SUMSQ Function
The SUMSQ function returns the sum of the squares of the arguments.
Return Type: Numeric
Syntax: SUMSQ(number1,number2, ...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2, ... 1 to 255 arguments for which you want the sum of the squares. You can also use a
reference to an array instead of arguments separated by commas.

Note: Arguments can be numbers, names, or references that contain numbers.
Numbers, logical values, and text representations of numbers that you type directly
into the list of arguments are counted. If an argument is a reference, only numbers in
that reference are counted. Empty cells, logical values, text, or error values are
ignored. Arguments that are error values or text that cannot be translated into
numbers cause errors.

Example:

Formula Result

SUMSQ(3,4) Sum of the squares of 3 and 4 (25)


SUMX2MY2 Function
The SUMX2MY2 function returns the sum of the difference of squares of corresponding values in
two sets of fields.
Return Type: Numeric
Syntax: SUMX2MY2(values_x,values_y)
In the above syntax, parameters in bold are required.

Parameter Description

values_x The first range of values.

values_y The second range of values.

Note: The arguments should be either numbers, names, or references that contain numbers. If a
reference argument contains text, logical values, or empty cells, those values are ignored; however,
fields with the value zero are included. If values_x and values_y have a different number of values,
SUMX2MY2 returns an error.

Example:

Formula Result

SUMX2MY2(REF([Data Set],[Values1]),REF([Data Set],[Values2])) Sum of the difference of squares of the
two sets of values given (-55)
where Data Set is a cross-reference field, the values in the Values1 field are 2, 3, 9, 1, 8, 7 and 5
and the values in the Values2 field are 6, 5, 11, 7, 5, 4 and 4.

SUMX2PY2 Function
The SUMX2PY2 function returns the sum of the sum of squares of corresponding values in two sets
of fields. The sum of the sum of squares is a common term in many statistical calculations.
Return Type: Numeric
Syntax: SUMX2PY2(values_x,values_y)
In the above syntax, parameters in bold are required.

Parameter Description

values_x The first set of fields.

values_y The second set of fields.


Note: The arguments should be numbers, names, or references that contain numbers. If a reference
argument contains text, logical values, or empty cells, those values are ignored; however, fields with
the value zero are included. If values_x and values_y have a different number of values,
SUMX2PY2 returns an error.

Example:

Formula Result

SUMX2PY2(REF([Data Set],[Values1]), REF([Data Set],[Values2])) Sum of the sum of squares of the two
sets of fields given (521)
where Data Set is a cross-reference field, the values in the Values1 field are 2, 3, 9, 1, 8, 7 and 5
and the values in the Values2 field are 6, 5, 11, 7, 5, 4, and 4.

SUMXMY2 Function
The SUMXMY2 function returns the sum of squares of differences of corresponding values in two
sets of fields.
Return Type: Numeric
Syntax: SUMXMY2(values_x,values_y)
In the above syntax, parameters in bold are required.

Parameter Description

values_x The first set of fields.

values_y The second set of fields.

Note: The arguments should be numbers, names, or references that contain numbers. If a reference
argument contains text, logical values, or empty cells, those values are ignored; however, fields with
the value zero are included. If values_x and values_y have a different number of values,
SUMXMY2 returns an error.

Examples:

Formula Result

SUMXMY2(REF([Data Set],[Values1]), REF([Data Set],[Values2])) Sum of squares of differences of the two
arrays given (79)
where Data Set is a cross-reference field, the values in the Values1 field are 2, 3, 9, 1, 8, 7, and 5,
and the values in the Values2 field are 6, 5, 11, 7, 5, 4, and 4.

SUMXMY2({2, 3, 9, 1, 8, 7, 5}, {6, 5, 11, 7, 5, 4, 4}) Sum of squares of differences of the two
array constants (79)

TAN Function
The TAN function returns the tangent of the given angle.
Return Type: Numeric
Syntax: TAN(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The angle in radians for which you want the tangent.

Note: If your argument is in degrees, multiply it by PI()/180 or use the RADIANS
function to convert it to radians.

Examples:

Formula Result

TAN(0.785) Tangent of 0.785 radians (0.99920)

TAN(45*PI()/180) Tangent of 45 degrees (1)

TAN(RADIANS(45)) Tangent of 45 degrees (1)

TANH Function
The TANH function returns the hyperbolic tangent of a number.
Return Type: Numeric
Syntax: TANH(number)
In the above syntax, parameters in bold are required.

Parameter Description

number Any real number.

Examples:

Formula Result

TANH(-2) Hyperbolic tangent of -2 (-0.96403)


TANH(0) Hyperbolic tangent of 0 (0)

TANH(0.5) Hyperbolic tangent of 0.5 (0.462117)

TRUNC Function
The TRUNC function truncates a number to an integer by removing the fractional part of the
number.
Return Type: Numeric
Syntax: TRUNC(number, num_digits)
In the above syntax, parameters in bold are required.

Parameter Description

number The number that you want to truncate. This parameter can be formatted as a
Numeric-field reference, for example, [field name], or as another formula that
results in a numeric value, such as SUM([field 1],[field 2]) where field 1 and field 2
are Numeric fields.

num_digits Specifies the precision of the truncation. This parameter is typically omitted;
however, you can include this parameter to truncate a number at a specific decimal
place.

Examples:

Formula Result

TRUNC([Score]) 3
where the value in the Score field is 3.427.

TRUNC([Score], 1) 3.4
where the value in the Score field is 3.427.

IF(TRUNC([Ship Date-Time]) = TODAY( ), "Shipped Today", "Not Shipped Today") Shipped Today
In this example, the Ship Date-Time field is a Date field set to capture date and time
information. Date fields technically contain a serial number representing the literal date
and time. Serial numbers are based on the number of days a date is past January 1, 1900.
For example, if the Ship Date-Time field has a value of 9/3/2010 3:17 PM, the value that
will be returned for use by the enclosed TRUNC function will be the serial number
40424.6368055556.
The TODAY function also returns a serial number, but includes only the date portion of
the serial; the time portion (which falls to the right of the decimal in the serial number)
will be omitted. In this example, TRUNC is being used to trim the time portion of the
serial contained in the Ship Date-Time field. This allows the two dates to be compared
without considering the time portion of the Ship Date-Time field.

AVEDEV Function
The AVEDEV function returns the average deviation of a set of values from their mean.
Return Type: Numeric
Syntax: AVEDEV(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2, and so on Numbers for which you want to determine the average deviation. You can format
these parameters as hard-coded numeric values, for example, 30, Numeric-field
references, for example, [field name], or as another formula that results in a
numeric value, such as SUM([field 1],[field 2]) where field 1 and field 2 are
Numeric fields.

Note: If a field contains no value (is empty), that value will be ignored and not
included in the final computation of the calculation. Values of 0, however, are
included in the calculation.

Examples:

Formula Result

AVEDEV([Risk], [Criticality], [Availability]) 2.666667
where the value in the Risk field is 5, the value in the Criticality field is 7, and the
value in the Availability field is 12.

AVEDEV([Risk], [Criticality], 30, 10) 8.5
where the value in the Risk field is 5 and the value in the Criticality field is 7.


AVERAGE Function
The AVERAGE function returns the average (arithmetic mean) value in a set of values.
Return Type: Numeric
Syntax: AVERAGE(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2, ... Numbers that you want to average. You can format these parameters as hard-coded
numeric values, for example, 30, Numeric-field references, for example, [field
name], or as another formula that results in a numeric value, such as SUM([field 1],
[field 2]) where field 1 and field 2 are Numeric fields.

Examples:

Formula Result

AVERAGE([Risk], [Criticality], [Availability]) 8
where the value in the Risk field is 5, the value in the Criticality field is 7, and the value
in the Availability field is 12.

AVERAGE([Risk], [Criticality], 30) 14
where the value in the Risk field is 5 and the value in the Criticality field is 7.

AVERAGEA Function
The AVERAGEA function returns the average deviation of a set of values from their mean and
includes text representation of numbers or logical values.
Return Type: Numeric
Syntax: AVERAGEA(number1, number2,...)
In the above syntax, parameters in bold are required.


Parameter Description

number1, number2, ... Numbers for which you want to determine the average deviation. You can format
these parameters as hard-coded numeric values, for example, 30, Numeric-field
references, for example, [field name], or as another formula that results in a
numeric value, such as SUM([field 1],[field 2]) where field 1 and field 2 are
Numeric fields.

Note: If a field contains no value (is empty) that value will be ignored and not
included in the final computation of the calculation. Values of 0, however, are
included in the calculation.

Note: Fields that contain the text "TRUE" will be evaluated as "1". Fields that
contain the text "FALSE" will be evaluated as "0" (zero).

Examples:

Formula Result

AVERAGEA([Risk], [Criticality], [Offshore Facilities]) 4.333333
where the value in the Risk field is 5, the value in the Criticality field is 7, and the
value in the Offshore Facilities field is "TRUE".

AVERAGEA([Risk], [Criticality], 30, [Offshore Facilities]) 10.5
where the value in the Risk field is 5, the value in the Criticality field is 7, and the
value in the Offshore Facilities field is "FALSE".

BINOMDIST Function
The BINOMDIST function returns the individual term binomial distribution probability. Use
BINOMDIST in problems with a fixed number of tests or trials, when the outcomes of any trial are
only success or failure, when trials are independent, and when the probability of success is constant
throughout the experiment. For example, BINOMDIST can calculate the probability that two of the
next three babies born are male.
Return Type: Numeric
Syntax: BINOMDIST(number_s,trials,probability_s,cumulative)
In the above syntax, parameters in bold are required.

Parameter Description

number_s The number of successes in trials. Truncated to an integer.

Note: If non-numeric, if number_s < 0, or if number_s > trials, BINOMDIST
returns an error.

trials The number of independent trials. Truncated to an integer.

Note: If non-numeric, BINOMDIST returns an error.

probability_s The probability of success on each trial.

Note: If non-numeric, if probability_s < 0, or if probability_s > 1, BINOMDIST
returns an error.

cumulative A logical value that determines the form of the function. If cumulative is TRUE,
then BINOMDIST returns the cumulative distribution function, which is the
probability that there are at most number_s successes; if FALSE, it returns the
probability mass function, which is the probability that there are number_s
successes.

Example:

Formula Result

BINOMDIST([Successes], [Trials], [Probability], FALSE) 0.205078
where the value in the Successes field is 6, the value in the Trials field is 10, and the
value in the Probability field is 0.5.

CHIDIST Function
The CHIDIST function returns the one-tailed probability of the chi-squared distribution. The χ²
distribution is associated with a χ² test. Use the χ² test to compare observed and expected values.
For example, a genetic experiment might hypothesize that the next generation of plants will exhibit a
certain set of colors. By comparing the observed results with the expected ones, you can decide
whether your original hypothesis is valid. CHIDIST is calculated as CHIDIST = P(X>x), where X is
a χ² random variable.
Return Type: Numeric
Syntax: CHIDIST(x,degrees_freedom)
In the above syntax, parameters in bold are required.

Parameter Description

x The value at which you want to evaluate the distribution.

Note: If nonnumeric or if x is negative, CHIDIST returns an error.

degrees_freedom The number of degrees of freedom.

Note: If non-numeric, CHIDIST returns an error. If degrees_freedom is not an
integer, it is truncated. If degrees_freedom < 1 or degrees_freedom > 10^10,
CHIDIST returns an error.

Example:

Formula Result

CHIDIST(18.307, 10) 0.050001

CHIINV Function
The CHIINV function returns the inverse of the one-tailed probability of the chi-squared distribution.
If probability = CHIDIST(x,...), then CHIINV(probability,...) = x. Use this function to compare
observed results with expected ones to decide whether your original hypothesis is valid.

Note: Given a value for probability, CHIINV seeks that value x such that
CHIDIST(x, degrees_freedom) = probability. Therefore, precision of CHIINV depends on precision of CHIDIST.
CHIINV uses an iterative search technique. If the search has not converged after 100 iterations, the
function returns the #N/A error value.

Return Type: Numeric


Syntax: CHIINV(probability,degrees_freedom)
In the above syntax, parameters in bold are required.

Parameter Description

probability A probability associated with the chi-squared distribution.

Note: If nonnumeric, if probability < 0, or if probability > 1, CHIINV returns an
error.

degrees_freedom The number of degrees of freedom.

Note: If nonnumeric, if degrees_freedom < 1, or if degrees_freedom > 10^10,
CHIINV returns an error. If degrees_freedom is not an integer, it is truncated.

Example:

Formula Result

CHIINV(0.50001, 10) 18.3069735


CONFIDENCE Function
The CONFIDENCE function returns a value that you can use to construct a confidence interval for a
population mean. The confidence interval is a range of values. Your sample mean, x, is at the center
of this range and the range is x ± CONFIDENCE. For example, if x is the sample mean of delivery
times for products ordered through the mail, x ± CONFIDENCE is a range of population means. For
any population mean, μ0, in this range, the probability of obtaining a sample mean further from μ0
than x is greater than alpha; for any population mean, μ0, not in this range, the probability of
obtaining a sample mean further from μ0 than x is less than alpha. In other words, assume that we
use x, standard_dev, and size to construct a two-tailed test at significance level alpha of the
hypothesis that the population mean is μ0. Then we will not reject that hypothesis if μ0 is in the
confidence interval and will reject that hypothesis if μ0 is not in the confidence interval. The
confidence interval does not allow us to infer that there is probability 1 – alpha that our next package
will take a delivery time that is in the confidence interval.
Return Type: Numeric
Syntax: CONFIDENCE(alpha,standard_dev,size)
In the above syntax, parameters in bold are required.

Parameter Description

alpha The significance level used to compute the confidence level. The confidence level
equals 100*(1 - alpha)%, or in other words, an alpha of 0.05 indicates a 95 percent
confidence level.

Note: If non-numeric, if alpha ≤ 0, or if alpha ≥ 1, CONFIDENCE returns an error.

standard_dev The population standard deviation for the data range, which is assumed to be known.

Note: If nonnumeric or if standard_dev ≤ 0, CONFIDENCE returns an error.

size The sample size.

Note: If nonnumeric or if size < 1, CONFIDENCE returns an error. If size is not an
integer, it is truncated.

Example:

Formula Result

CONFIDENCE([Significance], [Standard Deviation], [Sample Size]) 0.692952
where the value in the Significance field is 0.05, the value in the Standard Deviation
field is 2.5, and the value in the Sample Size field is 50.


CORREL Function
The CORREL function returns the correlation coefficient of two sets of fields. Use the correlation
coefficient to determine the relationship between two properties. For example, you can examine the
relationship between the inside temperature and outside temperature of a location.
Return Type: Numeric
Syntax: CORREL(values1,values2)
In the above syntax, parameters in bold are required.

Parameter Description

values1 A set of fields.

values2 A second set of fields.

Note: If a reference argument contains text, logical values or is empty, those values are ignored;
however, the value zero is included. If values1 and values2 have a different number of data points,
CORREL returns an error. If either values1 or values2 is empty, or if s (the standard deviation) of
their values equals zero, CORREL returns an error.

Example:

Formula Result

CORREL(REF([Facilities],[Inside Temperature]), REF([Facilities],[Outside Temperature])) 0.400075
where Facilities is a cross-reference field, the values in the Inside Temperature field
are 75, 72, and 77 and the values in the Outside Temperature field are 98, 88, and 91.

COUNT Function
The COUNT function counts the number of fields that contain numbers, and counts numbers within
the list of arguments. Use the COUNT function to get the number of entries in a number field that is
in a range of numbers.
Note that:
• Arguments that are numbers, dates, or a text representation of numbers, for example, a number
enclosed in quotation marks, such as "1", are counted.

• Logical values and text representations of numbers that you type directly into the list of arguments
are counted.

• Arguments that are error values or text that cannot be translated into numbers are not counted.

• If an argument is a reference, only numbers in that reference are counted. Empty fields, logical
values, text, or error values in the reference are not counted.

• To count logical values, text, or error values, use the COUNTA function.

• To count only numbers that meet certain criteria, use the COUNTIF function or the COUNTIFS
function.

Return Type: Numeric


Syntax: COUNT(value1, value2, ...)
In the above syntax, parameters in bold are required.

Parameter Description

value1 The first item, cell reference, or range within which you want to count numbers.

value2, ... Up to 255 additional items, cell references, or ranges within which you want to
count numbers.

Examples:

Formula Result

COUNT(Sales, 12/8/2008, , 19, 22.24, TRUE, #DIV/0) Counts the number of fields that contain
numbers (3)

COUNT(19, 22.24, TRUE, #DIV/0) Counts the number of fields that contain
numbers (2)

COUNTA Function
The COUNTA function returns any one of the following values:
• The number of items currently selected in a multi-select Values List or Cross-Reference field

• The number of rows (entries) present in a Sub-Form field

• The number of non-null values for a field within a sub-form across all rows in the Sub-Form field

• The number of non-null values for a given field within a cross-referenced application across all
rows (selections) in a Cross-Reference field

• The number of resources assigned in a Scheduler field configured to display the Schedule view.
Any unassigned resources are not included in the number returned.

Note: The COUNTA function is not valid for a Scheduler field configured to display the
Resource view.

Although supported, referencing a field other than a Values List, Cross-Reference, Sub-Form, or
Scheduler field with the COUNTA function is of little use because the return value will always be
either 1 or 0. (If the field has a value, 1 is returned. If the field is empty, 0 is returned.) However,
with Values List and Cross-Reference fields that are configured to allow multiple selections and
with Sub-Form fields with multiple entries, the COUNTA function counts the number of selections
or entries within those fields.

Note: To confidently count the number of rows present in a Sub-Form field, the formula must
reference the Sub-Form field itself rather than referencing a field within the sub-form. Likewise, to
count the number of rows present in a Cross-Reference field, the formula must reference that Cross-
Reference field and not a field in the related application.

Return Type: Numeric


Syntax: COUNTA(field_ref)
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to a field in the application, for example, [Order Detail], a field in a
child sub-form, for example, REF([Order Detail], [Back Order Date]), or a field in
a cross-referenced application, for example, REF([Order Detail], [Vendor Name]).

Examples:

Formula Result

COUNTA([Order Detail]) 12
where Order Detail is a Sub-Form field in the application and the associated sub-form
currently has 12 rows (entries).

COUNTA([Order Detail]) 0
where Order Detail is a Sub-Form field in the application and the associated sub-form
currently has no (0) rows.

COUNTA([Affected Departments]) 8
where Affected Departments is a Values List field in the application and 8 items are
currently selected in the list.

COUNTA([Related Projects]) 3
where Related Projects is a Cross-Reference field in the application and 3 records from
the related application are currently selected in the field.

COUNTA(REF([Order Detail], [Color])) 6
where Order Detail is a Sub-Form field in the application, Color is a non-required field
residing in the associated sub-form and Color is null in 3 out of the 9 sub-form rows
(entries).

COUNTA(REF([Related Projects], [Project Manager])) 2
where Related Projects is a Cross-Reference field in the application, Project Manager is
a non-required field residing in the related application and Project Manager is null in 1 of
3 Cross-Reference field rows.

COUNTBLANK Function
The COUNTBLANK function counts empty fields in a specified range of fields. Fields with
formulas that return "" (empty text) are also counted. Fields with zero values are not counted.
Return Type: Numeric
Syntax: COUNTBLANK(field_ref)
In the above syntax, parameters in bold are required.

Parameter Description

field_ref The range from which you want to count the blank fields.

Example:

Formula Result

COUNTBLANK([Range]) 4
where the values in the Range field are empty, 6, empty, 4, empty, =IF(1>0,"",""), 27,
and 34.

COUNTIF Function
The COUNTIF function counts the number of records in a Sub-Form, Cross-Reference, Related
Records, or Scheduler field that contain a specific value in a given field. For example, you can count
the number of cross-referenced records that have the value of "Open" in the Status field.
Return Type: Numeric
Syntax: COUNTIF(field_ref, criterion)
In the above syntax, parameters in bold are required.

Parameter Description

field_ref The reference to the field that is contained within a Sub-Form, Cross-Reference,
Related Records, or Scheduler field.

criterion The test that will be performed against the referenced child field to determine
whether that field’s values will be included in the count. The criterion can involve
Values List, User/Groups List, and Record Permissions fields as well as fields
containing numeric, text, and date type values.
• Values List Fields. If COUNTIF is being performed against a Values List field,
the criterion value should be enclosed in VALUEOF or supplied as a quoted
literal string (for example, "Dallas").

• User/Groups List and Record Permissions Fields. If COUNTIF is being
performed against a User/Groups List or Record Permissions field, the criterion
value should be enclosed in USER or GROUP (as appropriate for the criterion).

• Text, Date, or Numeric Fields. If COUNTIF is being performed against a Text,
Date, or Numeric field, the criterion must be enclosed in quotes, for example,
">56", and the criterion can involve any of the supported comparison operators
(=, <, >, <=, >=, <>).

Note: The COUNTIF function always returns zero (0) matches if there is a
space between the operator and the test value. For example, if the intent is to
count the number of sub-form records where a given field contains a numeric
value greater than 56, a space cannot appear in the formula between the ">" and
the "56".

If a function is used in the criterion, the function must be concatenated to the
comparison operator. For example, the proper criterion syntax for specifying
"greater than today" would be: ">"&TODAY( ).
The criterion parameter supports the use of literal dates or a date value derived from
the TODAY function. If a literal date string is specified, it must be wrapped in a
DATETIMEVALUE function.

Examples:

Formula Result

COUNTIF(REF([Cases], [Status]), VALUEOF(REF([Cases], [Status]), "Open")) 15
where the name of the Cross-Reference field is Cases, the name of the referenced
Values List field in the related application is Status, and the number of cross-referenced
records where the value "Open" is selected in the Status field is 15.

COUNTIF(GETGROUPS(REF([Cases], [Business Owner])), GROUP(NAME, "Finance")) 27
where the name of the Cross-Reference field is Cases, the name of the referenced
Record Permissions field in the related application is Business Owner, and the number
of cross-referenced records where the group named "Finance" is selected in the
Business Owner field is 27.

COUNTIF(GETUSERS(REF([Cases], [Business Owner])), USER(NAME, "Lawson, Tracy")) 32
where the name of the Cross-Reference field is Cases, the name of the referenced
User/Groups List field in the related application is Business Owner, and the number of
cross-referenced records where the user "Lawson, Tracy" is selected in the Business
Owner field is 32.

COUNTIF(REF([Items], [Price]), ">5.99") 4
where the name of the parent Sub-Form field is Items, the name of the child field in the
Sub-Form is Price, and there are 4 records in the sub form with a Price greater than 5.99.

COUNTIF(REF([Patches], [Patch Date]), TODAY( )) 6
where the name of the parent Cross-Reference field is Patches, the name of the field in
the cross-referenced application is Patch Date, and there are 6 cross-referenced records
where Patch Date equals today’s date.

COUNTIF(REF([Patches], [Patch Date]), "<"&TODAY( )) 8
where the name of the parent Cross-Reference field is Patches, the name of the field in
the cross-referenced application is Patch Date, and there are 8 cross-referenced records
where Patch Date is less than today’s date. In this example, the criterion is being formed
by concatenating the "less than" operator (<) to the TODAY function.

COUNTIF(REF([Orders], [Order Date]), ">="&DATETIMEVALUE("7/23/2008")) 5
where the name of the parent Sub-Form field is Orders, Order Date is a Date field
residing in the sub-form, and there are 5 Order Date values greater than or equal to
7/23/2008.
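Because a malformed criterion makes COUNTIF return 0 rather than an error, a metric such as "overdue patches" can look clean when it is simply broken. The following added example (not RSA code, and not part of the original guide) is a Python linter that checks exported formula text against the criterion rules stated above; the rule codes and function names are hypothetical, and the sample formulas are constructed from the guide's own examples.

```python
import re

# Comparison operators the guide lists for COUNTIF criteria, longest first.
OPERATORS = ("<=", ">=", "<>", "=", "<", ">")
DATE_LITERAL = re.compile(r"^\d{1,2}/\d{1,2}/\d{4}$")
FUNCTION_CALL = re.compile(r"^[A-Za-z]+\s*\(")


def split_args(text):
    """Split an argument list on top-level commas (outside quotes, () and [])."""
    args, current, depth, in_quote = [], [], 0, False
    for ch in text:
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote:
            if ch in "([":
                depth += 1
            elif ch in ")]":
                depth -= 1
            elif ch == "," and depth == 0:
                args.append("".join(current).strip())
                current = []
                continue
        current.append(ch)
    args.append("".join(current).strip())
    return args


def countif_criteria(formula):
    """Return the criterion argument of every COUNTIF(...) call in a formula."""
    criteria = []
    for match in re.finditer(r"\bCOUNTIF\s*\(", formula):
        depth, in_quote, start = 1, False, match.end()
        for pos in range(start, len(formula)):
            ch = formula[pos]
            if ch == '"':
                in_quote = not in_quote
            elif not in_quote and ch == "(":
                depth += 1
            elif not in_quote and ch == ")":
                depth -= 1
                if depth == 0:  # closing parenthesis of this COUNTIF call
                    args = split_args(formula[start:pos])
                    if len(args) >= 2:
                        criteria.append(args[1])
                    break
    return criteria


def lint_criterion(criterion):
    """Return hypothetical rule codes for the pitfalls the guide describes."""
    if criterion.startswith(OPERATORS):
        return ["UNQUOTED_CRITERION"]  # e.g. >56 instead of ">56"
    quoted = re.match(r'^"([^"]*)"(.*)$', criterion, re.S)
    if not quoted:
        return []  # VALUEOF(...), USER(...), GROUP(...), TODAY( ) and similar
    literal, rest = quoted.group(1), quoted.group(2).strip()
    op = next((o for o in OPERATORS if literal.startswith(o)), "")
    value = literal[len(op):]
    findings = []
    if op and value[:1].isspace():
        findings.append("SPACE_AFTER_OPERATOR")  # COUNTIF always returns 0
    value = value.strip()
    if op and FUNCTION_CALL.match(value):
        findings.append("FUNCTION_INSIDE_QUOTES")  # must be "<"&TODAY( )
    if DATE_LITERAL.match(value):
        findings.append("DATE_LITERAL_NOT_WRAPPED")  # needs DATETIMEVALUE
    if op and not value and not rest.startswith("&"):
        findings.append("OPERATOR_WITHOUT_VALUE")
    return findings


def lint_formula(formula):
    """Return (criterion, rule code) pairs for every COUNTIF call in a formula."""
    return [(c, code) for c in countif_criteria(formula) for code in lint_criterion(c)]


# Constructed samples: the guide's own examples plus deliberately broken variants.
SAMPLES = [
    'COUNTIF(REF([Items], [Price]), ">5.99")',
    'COUNTIF(REF([Items], [Price]), "> 56")',
    'COUNTIF(REF([Patches], [Patch Date]), "<"&TODAY( ))',
    'COUNTIF(REF([Patches], [Patch Date]), "<TODAY()")',
    'COUNTIF(REF([Orders], [Order Date]), ">=7/23/2008")',
    'COUNTIF(REF([Orders], [Order Date]), ">="&DATETIMEVALUE("7/23/2008"))',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_formula(sample) or "ok")
```
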

COVAR Function
The COVAR function returns covariance, the average of the products of deviations for each data
point pair. Use covariance to determine the relationship between two data sets. For example, you
can examine whether greater income accompanies greater levels of education.
Return Type: Numeric
Syntax: COVAR(values1, values2)
In the above syntax, parameters in bold are required.

Parameter Description

values1 The first set of integers.

values2 The second set of integers.

Note: The arguments must either be numbers or be names or references that contain numbers. If a
reference argument contains text, logical values or empty fields, those values are ignored; however,
fields with the value zero are included. If values1 and values2 have different numbers of data points,
COVAR returns an error. If either set is empty, COVAR returns an error.

Example:

Formula Result

COVAR(REF([Data Set],[Values1]), REF([Data Set], [Values2])) Covariance, the average of the products of deviations for each data point pair given (5.2)
where Data Set is a cross-reference field, the values in Values1 are 3, 2, 4, 5, and 6 and the
values in Values2 are 9, 7, 12, 15, and 17.

CRITBINOM Function
The CRITBINOM function returns the smallest value for which the cumulative binomial distribution
is greater than or equal to a criterion value. Use this function for quality assurance applications. For
example, use CRITBINOM to determine the greatest number of defective parts that are allowed to
come off an assembly line run without rejecting the entire lot.
Return Type: Numeric
Syntax: CRITBINOM(trials,probability_s,alpha)
In the above syntax, parameters in bold are required.

Parameter Description

trials The number of Bernoulli trials.

Note: If any argument is non-numeric or if trials < 0, CRITBINOM returns an error.
If trials is not an integer, it is truncated.

probability_s The probability of a success on each trial.

Note: If any argument is non-numeric, if probability_s is < 0, or if probability_s > 1,
CRITBINOM returns an error.

alpha The criterion value.

Note: If any argument is nonnumeric, if alpha < 0, or if alpha > 1, CRITBINOM
returns an error.

Example:

Formula Result

CRITBINOM([Trials],[Probability of Success],[Criterion]) Smallest value for which the cumulative binomial distribution is greater than or equal to a criterion value (4).
where the value in the Trials field is 6, the value in the Probability of Success field is 0.5,
and the value in the Criterion field is 0.75.

DEVSQ Function
The DEVSQ function returns the sum of squares of deviations of data points from their sample
mean.
Return Type: Numeric
Syntax: DEVSQ(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2,... 1 to 255 arguments for which you want to calculate the sum of squared deviations.
You can also use a reference to a set of fields instead of arguments separated by
commas. Arguments can either be numbers or names, or references that contain
numbers. Logical values and text representations of numbers that you type directly
into the list of arguments are counted. If a reference argument contains text, logical
values, or empty cells, those values are ignored; however, fields with the value zero
are included. Arguments that are error values or text that cannot be translated into
numbers cause errors.

Example:

Formula Result

DEVSQ(REF([Data Set],[Values1])) Sum of squares of deviations of data given from their sample mean (48).
where Data Set is a cross-reference field and the values in the Values1 field are
4, 5, 8, 7, 11, 4, and 3.

EXPONDIST Function
The EXPONDIST function returns the exponential distribution. Use EXPONDIST to model the time
between events, such as how long an automated bank teller takes to deliver cash. For example, you
can use EXPONDIST to determine the probability that the process takes at most 1 minute.
Return Type: Numeric
Syntax: EXPONDIST(x,lambda,cumulative)
In the above syntax, parameters in bold are required.

Parameter Description

x The value of the function.

Note: If x or lambda is nonnumeric, or if x < 0, EXPONDIST returns an error.

lambda The parameter value.

Note: If x or lambda is nonnumeric or if lambda ≤ 0, EXPONDIST returns an error.

cumulative A logical value that indicates which form of the exponential function to provide. If
cumulative is TRUE, EXPONDIST returns the cumulative distribution function; if
FALSE, it returns the probability density function.

Examples:

Formula Result

EXPONDIST([Function Value],[Parameter Value],TRUE) Cumulative exponential distribution function (0.864665)
where the value in the Function Value field is 0.2 and the value in the Parameter Value
field is 10.

EXPONDIST([Function Value],[Parameter Value],FALSE) Probability exponential distribution function (1.353353)
where the value in the Function Value field is 0.2 and the value in the Parameter Value
field is 10.

FDIST Function
The FDIST function returns the F probability distribution. You can use this function to determine
whether two data sets have different degrees of diversity. For example, you can examine the test
scores of men and women entering high school and determine if the variability in the females is
different from that found in the males. FDIST is calculated as FDIST=P( F>x ), where F is a random
variable that has an F distribution with degrees_freedom1 and degrees_freedom2 degrees of
freedom.
Return Type: Numeric
Syntax: FDIST(x,degrees_freedom1,degrees_freedom2)
In the above syntax, parameters in bold are required.

Parameter Description

x The value at which to evaluate the function.

Note: If x is negative, FDIST returns an error.

degrees_freedom1 The numerator degrees of freedom.

Note: If degrees_freedom1 or degrees_freedom2 is not an integer, it is truncated. If
degrees_freedom1 < 1, if degrees_freedom1 ≥ 10^10, if degrees_freedom2 < 1, or if
degrees_freedom2 ≥ 10^10, FDIST returns an error.

degrees_freedom2 The denominator degrees of freedom.

Note: If degrees_freedom1 or degrees_freedom2 is not an integer, it is truncated. If
degrees_freedom1 < 1, if degrees_freedom1 ≥ 10^10, if degrees_freedom2 < 1, or if
degrees_freedom2 ≥ 10^10, FDIST returns an error.

Example:

Formula Result

FDIST(15.20686486,[Numerator Degrees of Freedom],[Denominator Degrees of Freedom]) F probability distribution for the terms (0.01)
where the value in the Numerator Degrees of Freedom field is 6 and the
value in the Denominator Degrees of Freedom field is 4.

FINV Function
The FINV function returns the inverse of the F probability distribution. If p = FDIST(x,...), then
FINV(p,...) = x.

The F distribution can be used in an F-test that compares the degree of variability in two data sets.
For example, you can analyze income distributions in the United States and Canada to determine
whether the two countries have a similar degree of income diversity.
FINV can be used to return critical values from the F distribution. For example, the output of an
ANOVA calculation often includes data for the F statistic, F probability, and F critical value at the
0.05 significance level. To return the critical value of F, use the significance level as the probability
argument to FINV.
Given a value for probability, FINV seeks that value x such that FDIST(x, degrees_freedom1,
degrees_freedom2) = probability. Thus, precision of FINV depends on precision of FDIST. FINV
uses an iterative search technique. If the search has not converged after 100 iterations, the function
returns the #N/A error value.
Return Type: Numeric
Syntax: FINV(probability,degrees_freedom1,degrees_freedom2)
In the above syntax, parameters in bold are required.

Parameter Description

probability A probability associated with the F cumulative distribution.

Note: If probability < 0 or probability > 1, FINV returns an error.

degrees_freedom1 The numerator degrees of freedom.

Note: If degrees_freedom1 < 1 or degrees_freedom1 ≥ 10^10, FINV returns an
error. If degrees_freedom1 or degrees_freedom2 is not an integer, it is truncated.

degrees_freedom2 The denominator degrees of freedom.

Note: If degrees_freedom2 < 1 or degrees_freedom2 ≥ 10^10, FINV returns an
error. If degrees_freedom1 or degrees_freedom2 is not an integer, it is truncated.

Example:

Formula Result

FINV([Probability],[Numerator Degrees of Freedom],[Denominator Degrees of Freedom]) Inverse of the F probability distribution for the terms (15.20686486)
where the value in the Probability field is 0.01, the value in the
Numerator Degrees of Freedom field is 6, and the value in the
Denominator Degrees of Freedom field is 4.

FISHER Function
The FISHER function returns the Fisher transformation at x. This transformation produces a function
that is normally distributed rather than skewed. Use this function to perform hypothesis testing on the
correlation coefficient.
Return Type: Numeric
Syntax: FISHER(x)
In the above syntax, parameters in bold are required.

Parameter Description

x A numeric value for which you want the transformation.

Note: If x is nonnumeric, if x ≤ -1, or if x ≥ 1, FISHER returns an error.

Example:

Formula Result

FISHER(0.75) Fisher transformation at 0.75 (0.972955)

FISHERINV Function
The FISHERINV function returns the inverse of the Fisher transformation. Use this transformation
when analyzing correlations between ranges or sets of fields. If y = FISHER(x), then FISHERINV
(y) = x.
Return Type: Numeric
Syntax: FISHERINV(y)
In the above syntax, parameters in bold are required.

Parameter Description

y The value for which you want to perform the inverse of the transformation.

Note: If y is nonnumeric, FISHERINV returns an error.

Example:

Formula Result

FISHERINV(0.972955) Inverse of the Fisher transformation at 0.972955 (0.75)

FORECAST Function
The FORECAST function calculates, or predicts, a future value using existing values. The predicted
value is a y-value for a given x-value. The known values are existing x-values and y-values, and the
new value is predicted using linear regression. You can use this function to predict future sales,
inventory requirements, or consumer trends.
Return Type: Numeric
Syntax: FORECAST(x,known_y's,known_x's)
In the above syntax, parameters in bold are required.

Parameter Description

x The data point for which you want to predict a value.

Note: If x is nonnumeric, FORECAST returns an error.

known_y's The dependent set of data.

Note: If known_y's and known_x's are empty or contain a different number of data
points, FORECAST returns an error.

known_x's The independent set of data.

Note: If the variance of known_x's equals zero, FORECAST returns an error. If
known_y's and known_x's are empty or contain a different number of data points,
FORECAST returns an error.

Example:

Formula Result

FORECAST(30, REF([Data Set],[Known Y]), REF([Data Set],[Known X])) Predicts a value for y given an x value of 30 (10.60725)
where Data Set is a cross-reference field, the values in the Known Y
field are 6, 7, 9, 15, and 21 and the values in the Known X field are 20,
28, 31, 38, and 40.

GAMMADIST Function
The GAMMADIST function returns the gamma distribution. You can use this function to study
variables that may have a skewed distribution. The gamma distribution is commonly used in queuing
analysis.
Return Type: Numeric
Syntax: GAMMADIST(x,alpha,beta,cumulative)
In the above syntax, parameters in bold are required.

Parameter Description

x The value at which you want to evaluate the distribution.

Note: If x < 0 or if nonnumeric, GAMMADIST returns an error.

alpha A parameter to the distribution.

Note: If nonnumeric, if alpha ≤ 0 or if beta ≤ 0, GAMMADIST returns an error.
When alpha is a positive integer, GAMMADIST is also known as the Erlang
distribution.

beta A parameter to the distribution. If beta = 1, GAMMADIST returns the standard
gamma distribution.

Note: If alpha ≤ 0 or if beta ≤ 0 or if nonnumeric, GAMMADIST returns an error.

cumulative A logical value that determines the form of the function. If cumulative is TRUE,
GAMMADIST returns the cumulative distribution function; if FALSE, it returns the
probability density function.

Note: For a positive integer n, when alpha = n/2, beta = 2, and cumulative = TRUE,
GAMMADIST returns (1 - CHIDIST(x)) with n degrees of freedom.

Examples:

Formula Result

GAMMADIST([Value to Evaluate Distribution],[Alpha],[Beta],FALSE) Probability gamma distribution with the terms given (.03263913)
where the value in the Value to Evaluate Distribution field is
10.00001131, the value in the Alpha field is 9, and the value in the
Beta field is 2.

GAMMADIST([Value to Evaluate Distribution],[Alpha],[Beta],TRUE) Cumulative gamma distribution with the terms given (0.068094)
where the value in the Value to Evaluate Distribution field is
10.00001131, the value in the Alpha field is 9, and the value in the
Beta field is 2.

GAMMAINV Function
The GAMMAINV function returns the inverse of the gamma cumulative distribution. If
p = GAMMADIST(x,...), then GAMMAINV(p,...) = x.
Return Type: Numeric
Syntax: GAMMAINV(probability,alpha,beta)

In the above syntax, parameters in bold are required.

Parameter Description

probability The probability associated with the gamma distribution.

Note: If probability < 0 or probability > 1, GAMMAINV returns an error.

alpha A parameter to the distribution.

Note: If alpha ≤ 0 or if beta ≤ 0, GAMMAINV returns an error.

beta A parameter to the distribution. If beta = 1, GAMMAINV returns the standard
gamma distribution.

Note: If alpha ≤ 0 or if beta ≤ 0, GAMMAINV returns an error.

Note: If any argument is text, GAMMAINV returns the #VALUE! error value.

Given a value for probability, GAMMAINV seeks that value x such that GAMMADIST(x, alpha,
beta, TRUE) = probability. Therefore, precision of GAMMAINV depends on precision of
GAMMADIST. GAMMAINV uses an iterative search technique. If the search has not converged
after 100 iterations, the function returns an error.
Example:

Formula Result

GAMMAINV([Probability],[Alpha],[Beta]) Inverse of the gamma cumulative distribution for the terms given (10.00001131)
where the value in the Probability field is 0.068094, the value in the Alpha field is 9,
and the value in the Beta field is 2.
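The guide says GAMMAINV (like FINV) inverts the forward distribution by an iterative search capped at 100 iterations, so its precision is bounded by the forward value it is given. The following added Python example, not RSA code, illustrates that with the guide's own numbers; it assumes bisection as the search method (the guide does not name one) and covers only positive-integer alpha, the Erlang case, where the cumulative distribution has a closed form. All function names are hypothetical.

```python
import math

MAX_ITERATIONS = 100  # iteration cap the guide states for FINV and GAMMAINV


def erlang_cdf(x, alpha, beta):
    """Cumulative gamma distribution for a positive-integer alpha (Erlang case).

    Closed form: 1 - exp(-t) * sum(t**k / k! for k < alpha), with t = x / beta.
    """
    if x < 0 or beta <= 0 or alpha < 1 or alpha != int(alpha):
        raise ValueError("need x >= 0, beta > 0 and a positive-integer alpha")
    t = x / beta
    term = total = 1.0
    for k in range(1, int(alpha)):
        term *= t / k
        total += term
    return 1.0 - math.exp(-t) * total


def inverse_by_search(probability, alpha, beta, tol=1e-12, max_iter=MAX_ITERATIONS):
    """Find x with erlang_cdf(x, alpha, beta) == probability.

    Bisection is an assumption; the guide only says "iterative search".
    """
    if not 0 <= probability < 1:
        # The guide rejects probability < 0 or > 1. This sketch also rejects
        # probability == 1, which has no finite answer.
        raise ValueError("probability must be in [0, 1)")
    lo, hi = 0.0, float(alpha * beta)  # start the bracket at the distribution mean
    while erlang_cdf(hi, alpha, beta) < probability:
        hi *= 2.0  # widen until the target probability is bracketed
    for _ in range(max_iter):
        mid = (lo + hi) / 2.0
        if erlang_cdf(mid, alpha, beta) < probability:
            lo = mid
        else:
            hi = mid
        if hi - lo <= tol * max(1.0, hi):
            return (lo + hi) / 2.0
    raise ArithmeticError("search did not converge within %d iterations" % max_iter)


def round_trip_error(x, alpha, beta, digits):
    """Error in x after the forward value is rounded to `digits` decimals."""
    p = round(erlang_cdf(x, alpha, beta), digits)
    return abs(inverse_by_search(p, alpha, beta) - x)


if __name__ == "__main__":
    # Values from the guide's GAMMADIST and GAMMAINV examples (alpha 9, beta 2).
    print("forward :", erlang_cdf(10.00001131, 9, 2))
    print("inverse :", inverse_by_search(0.068094, 9, 2))
    # Rounding the probability to 6 decimals limits how well x can be recovered.
    print("error at 6 digits :", round_trip_error(10.0, 9, 2, 6))
    print("error at 12 digits:", round_trip_error(10.0, 9, 2, 12))
```

Inverting the six-decimal probability 0.068094 lands near 10.00001 rather than exactly 10, which is why the guide's example carries the value 10.00001131.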

GAMMALN Function
The GAMMALN function returns the natural logarithm of the gamma function, Γ(x).
Return Type: Numeric
Syntax: GAMMALN(x)
In the above syntax, parameters in bold are required.

Parameter Description

x The value for which you want to calculate GAMMALN.

Note: If x is nonnumeric or if x ≤ 0, GAMMALN returns an error. The number e
raised to the GAMMALN(i) power, where i is an integer, returns the same result as
(i - 1)!.

Example:

Formula Result

GAMMALN(4) Natural logarithm of the gamma function at 4 (1.791759)

GEOMEAN Function
The GEOMEAN function returns the geometric mean of a set of positive data. For example, you can
use GEOMEAN to calculate average growth rate given compound interest with variable rates.
Return Type: Numeric
Syntax: GEOMEAN(number1,number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate the mean.

Note: Arguments can be numbers, names, or references that contain
numbers. Logical values and text representations of numbers that you type
directly into the list of arguments are counted. If a reference argument
contains text, logical values, or empty fields, those values are ignored;
however, fields with the value zero are included. Arguments that are error
values or text that cannot be translated into numbers cause errors. If any
data point ≤ 0, GEOMEAN returns an error.

Example:

Formula Result

GEOMEAN(REF([Data Set],[Values])) Geometric mean of the data set given (5.476987)
where Data Set is a cross-reference field and the values in the
Values field are 4, 5, 8, 7, 11, 4, and 3.

HARMEAN Function
The HARMEAN function returns the harmonic mean of a data set. The harmonic mean is the
reciprocal of the arithmetic mean of reciprocals.
Return Type: Numeric
Syntax: HARMEAN(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2,... 1 to 255 arguments for which you want to calculate the mean.

Note: The harmonic mean is always less than the geometric mean, which is always
less than the arithmetic mean. Arguments can either be numbers, names, or
references that contain numbers. Logical values and text representations of numbers
that you type directly into the list of arguments are counted. If a reference argument
contains text, logical values, or empty fields, those values are ignored; however,
fields with the value zero are included. Arguments that are error values or text that
cannot be translated into numbers cause errors. If any data point ≤ 0, HARMEAN
returns an error.

Example:

Formula Result

HARMEAN(REF([Data Set],[Values])) Harmonic mean of the data set given (5.028376)
where Data Set is a cross-reference field and the values in the
Values field are 4, 5, 8, 7, 11, 4, and 3.

HYPGEOMDIST Function
The HYPGEOMDIST function returns the hypergeometric distribution. HYPGEOMDIST returns
the probability of a given number of sample successes, given the sample size, population successes,
and population size. Use HYPGEOMDIST for problems with a finite population, where each
observation is either a success or a failure, and where each subset of a given size is chosen with
equal likelihood.
Return Type: Numeric
Syntax: HYPGEOMDIST(sample_s,number_sample,population_s,number_population)
In the above syntax, parameters in bold are required.

Parameter Description

sample_s The number of successes in the sample.

Note: If sample_s < 0 or sample_s is greater than the lesser of number_sample or
population_s, HYPGEOMDIST returns an error. If sample_s is less than the larger
of 0 or (number_sample - number_population + population_s), HYPGEOMDIST
returns an error.

number_sample The size of the sample.

Note: If number_sample ≤ 0 or number_sample > number_population,
HYPGEOMDIST returns an error.

population_s The number of successes in the population.

Note: If population_s ≤ 0 or population_s > number_population, HYPGEOMDIST
returns an error.

number_population The population size.

Note: If number_population ≤ 0, HYPGEOMDIST returns an error.

Note: All arguments are truncated to integers. If any argument is nonnumeric, HYPGEOMDIST
returns an error.

Example:

Formula Result

HYPGEOMDIST([Number of Caramels in Sample],[Sample Size],[Total Number of Caramels],[Total Chocolates]) Hypergeometric distribution for sample and population given (0.363261)
where a sampler of chocolates contains 20 pieces. Eight pieces are caramels,
and the remaining 12 are nuts. If a person selects 4 pieces at random, the
HYPGEOMDIST function returns the probability that exactly 1 piece is a
caramel. The value in the Number of Caramels in Sample field is 1, the value in
the Sample Size field is 4, the value in the Total Number of Caramels field is 8,
and the value in the Total Chocolates field is 20.

INTERCEPT Function
The INTERCEPT function calculates the point at which a line will intersect the y-axis by using
existing x-values and y-values. The intercept point is based on a best-fit regression line plotted
through the known x-values and known y-values. Use the INTERCEPT function when you want to
determine the value of the dependent variable when the independent variable is 0 (zero). For
example, you can use the INTERCEPT function to predict a metal's electrical resistance at 0° C
when your data points were taken at room temperature and higher.
Return Type: Numeric
Syntax: INTERCEPT(known_y's,known_x's)
In the above syntax, parameters in bold are required.

Parameter Description

known_y's The dependent set of observations or data.

Note: If known_y's and known_x's contain a different number of data points or
contain no data points, INTERCEPT returns an error.

known_x's The independent set of observations or data.

Note: If known_y's and known_x's contain a different number of data points or
contain no data points, INTERCEPT returns an error.

Note: The arguments must be either numbers, names, or references that contain numbers. If a
reference argument contains text, logical values, or empty fields, those values are ignored; however,
fields with the value zero are included.

The underlying algorithm used in the INTERCEPT and SLOPE functions is different than the
underlying algorithm used in the LINEST function. The difference between these algorithms can
lead to different results when data is undetermined and collinear. For example, if the data points of
the known_y's argument are 0 and the data points of the known_x's argument are 1:
• INTERCEPT and SLOPE return an error. The INTERCEPT and SLOPE algorithm is designed to
look for one and only one answer, and in this case there can be more than one answer.

• LINEST returns a value of 0. The LINEST algorithm is designed to return reasonable results for
collinear data, and in this case at least one answer can be found.

Example:

Formula Result

INTERCEPT(REF([Data Set],[Y Axis]),REF([Data Set], [X Axis])) Point at which a line will intersect the y-axis by using the x-values and y-values given (0.0483871)
where Data Set is a cross-reference field, the values in
the Y Axis field are 2, 3, 9, 1, and 8, and the values in the
X Axis field are 6, 5, 11, 7, and 5.

KURT Function
The KURT function returns the kurtosis of a data set. Kurtosis characterizes the relative peakedness
or flatness of a distribution compared with the normal distribution. Positive kurtosis indicates a
relatively peaked distribution. Negative kurtosis indicates a relatively flat distribution.
Return Type: Numeric
Syntax: KURT(number1,number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate kurtosis. Arguments can
either be numbers, names, or references that contain numbers. Logical
values and text representations of numbers that you type directly into the list
of arguments are counted. If a reference argument contains text, logical
values, or empty cells, those values are ignored; however, fields with the
value zero are included. Arguments that are error values or text that cannot
be translated into numbers cause errors.

Note: If there are fewer than four data points, or if the standard deviation of
the sample equals zero, KURT returns an error.

Example:

Formula Result

KURT(REF([Data Set],[Values])) Kurtosis of the data set (-0.1518)
where Data Set is a cross-reference field and the values in the Values
field are 3, 4, 5, 2, 3, 4, 5, 6, 4, and 7.

LARGE Function
The LARGE function returns the k-th largest value in a data set. You can use this function to select
a value based on its relative standing. For example, you can use LARGE to return the highest,
runner-up, or third-place score.
Return Type: Numeric
Syntax: LARGE(values,k)
In the above syntax, parameters in bold are required.

Parameter Description

values The set of fields for which you want to determine the k-th largest value.

Note: If the set of fields is empty, LARGE returns an error.

k The position (from the largest) in the set of data to return.

Note: If k ≤ 0 or if k is greater than the number of data points, LARGE returns an error.

Note: If n is the number of data points in a range, then LARGE(values,1) returns the largest value,
and LARGE(values,n) returns the smallest value.

Examples:

Formula: LARGE(REF([Data Set],[Values]),3)
where Data Set is a cross-reference field and the values in the Values field are 3, 5, 3, 5, 4, 4, 2, 4, 6, and 7.
Result: 3rd largest number in the numbers given (5)

Formula: LARGE(REF([Data Set],[Values]),7)
where Data Set is a cross-reference field and the values in the Values field are 3, 5, 3, 5, 4, 4, 2, 4, 6, and 7.
Result: 7th largest number in the numbers given (4)

LOGINV Function
The LOGINV function returns the inverse of the lognormal cumulative distribution function of x,
where ln(x) is normally distributed with parameters mean and standard_dev. If p =
LOGNORMDIST(x,...) then LOGINV(p,...) = x. Use the lognormal distribution to analyze
logarithmically transformed data.
Return Type: Numeric
Syntax: LOGINV(probability,mean,standard_dev)
In the above syntax, parameters in bold are required.

Parameter Description

probability A probability associated with the lognormal distribution.

Note: If probability < 0 or probability > 1 or if any argument is nonnumeric, LOGINV returns an error.

mean The mean of ln(x).

Note: If any argument is nonnumeric, LOGINV returns an error.

standard_dev The standard deviation of ln(x).

Note: If standard_dev <= 0 or if any argument is nonnumeric, LOGINV returns an error.

Example:

Formula: LOGINV(0.039084,3.5,1.2)
Result: Inverse of the lognormal cumulative distribution function for the terms given (4.000014)


LOGNORMDIST Function
The LOGNORMDIST function returns the cumulative lognormal distribution of x, where ln(x) is
normally distributed with parameters mean and standard_dev. Use this function to analyze data that
has been logarithmically transformed.
Return Type: Numeric
Syntax: LOGNORMDIST(x,mean,standard_dev)
In the above syntax, parameters in bold are required.

Parameter Description

x The value at which to evaluate the function.

Note: If x ≤ 0, if standard_dev ≤ 0, or if any argument is nonnumeric, LOGNORMDIST returns an error.

mean The mean of ln(x).

Note: If any argument is nonnumeric, LOGNORMDIST returns an error.

standard_dev The standard deviation of ln(x).

Note: If x ≤ 0, if standard_dev ≤ 0 or if any argument is nonnumeric, LOGNORMDIST returns an error.

Example:

Formula: LOGNORMDIST(4,3.5,1.2)
Result: Cumulative lognormal distribution at 4 with the terms given (0.039084)

MAX Function
The MAX function returns the largest value in a set of values.
Return Type: Numeric
Syntax: MAX(value1, value2,...)
In the above syntax, parameters in bold are required.


Parameter Description

value1, value2,... Values for which you want to find a maximum value. Only Numeric and Date fields can be evaluated.

Note: When evaluating a Date field, MAX will return a serial number that
represents the largest date (furthest from January 1, 1900); the function will not
return a date string.

Examples:

Formula: MAX([Risk], [Criticality], [Availability])
where the value in the Risk field is 5, the value in the Criticality field is 7, and the value in the Availability field is 12.
Result: 12

Formula: MAX(REF([Orders], [Price]))
where the greatest value in the Price field across all the rows in the Orders Sub-Form field is 746.99.
Result: 746.99

MAXA Function
The MAXA function returns the largest value in a list of arguments. Unlike the MAX function, the
MAXA function is not restricted to working with only Date and Numeric fields.
Return Type: Numeric
Syntax: MAXA(value1, value2,...)
In the above syntax, parameters in bold are required.


Parameter Description

value1, value2,... 1 to 255 values for which you want to find the largest value. Note that:
• Arguments can be the following: numbers; names or references that contain numbers; text representations of numbers; or logical values, such as TRUE and FALSE, in a reference.
• Logical values and text representations of numbers that you type directly into the list of arguments are counted.
• If an argument is a reference, only values in that reference are used. Empty fields and text values in the reference are ignored.
• Arguments that are error values or text that cannot be translated into numbers cause errors.
• Arguments that contain TRUE evaluate as 1; arguments that contain text or FALSE evaluate as 0 (zero).
• If the arguments contain no values, MAXA returns 0 (zero).
• If you do not want to include logical values and text representations of numbers in a reference as part of the calculation, use the MAX function.

Example:

Formula: MAXA(REF([Data Set],[Values]))
where Data Set is a cross-reference field and the values in the Values field are 0, 0.2, 0.5, 0.4 and TRUE.
Result: Largest of the numbers given. TRUE evaluates to 1 (1)

MEDIAN Function
The MEDIAN function returns the median of the given numbers. The median is the number in the
middle of a set of numbers.
Return Type: Numeric
Syntax: MEDIAN(number1, number2,...)
In the above syntax, parameters in bold are required.


Parameter Description

number1, number2,... 1 to 255 numbers for which you want the median. Note that:
• If there is an even number of numbers in the set, MEDIAN calculates the average of the two numbers in the middle. See the second formula in the example.
• Arguments can be numbers, names or references that contain numbers.
• Logical values and text representations of numbers that you type directly into the list of arguments are counted.
• If a reference argument contains text, logical values, or empty fields, those values are ignored; however, fields with the value zero are included.
• Arguments that are error values or text that cannot be translated into numbers cause errors.

The MEDIAN function measures central tendency, which is the location of the center of a group of numbers in a statistical distribution. The three most common measures of central tendency are:
• Average. The arithmetic mean, calculated by adding a group of numbers and then dividing by the count of those numbers. For example, the average of 2, 3, 3, 5, 7, and 10 is 30 divided by 6, which is 5.
• Median. The middle number of a group of numbers; that is, half the numbers have values that are greater than the median, and half the numbers have values that are less than the median. For example, the median of 2, 3, 3, 5, 7, and 10 is 4.
• Mode. The most frequently occurring number in a group of numbers. For example, the mode of 2, 3, 3, 5, 7, and 10 is 3.

For a symmetrical distribution of a group of numbers, these three measures of central tendency are all the same. For a skewed distribution of a group of numbers, they can be different.

Examples:

Formula: MEDIAN(REF([Data Set],[Values]))
where Data Set is a cross-reference field and the values in the Values field are 1, 2, 3, 4, and 5.
Result: Median of the 5 numbers in the list given (3)

Formula: MEDIAN(REF([Data Set],[Values]))
where Data Set is a cross-reference field and the values in the Values field are 1, 2, 3, 4, 5, and 6.
Result: Median of all the numbers given, or the average of 3 and 4 (3.5)

MIN Function
The MIN function returns the smallest value in a set of values.
Return Type: Numeric
Syntax: MIN(value1, value2,...)
In the above syntax, parameters in bold are required.

Parameter Description

value1, value2,... Values for which you want to find a minimum value. Only Numeric and Date fields can be evaluated.

Note: When evaluating a Date field, MIN will return a serial number that
represents the smallest date (closest to January 1, 1900); the function will not return
a date string.

Examples:

Formula: MIN([Risk], [Criticality], [Availability])
where the value in the Risk field is 5, the value in the Criticality field is 7, and the value in the Availability field is 12.
Result: 5

Formula: MIN(REF([Orders], [Price]))
where the smallest value in the Price field across all the rows in the Orders Sub-Form field is 10.62.
Result: 10.62

MINA Function
The MINA function returns the smallest value in the list of arguments.
Return Type: Numeric
Syntax: MINA(value1, value2,...)
In the above syntax, parameters in bold are required.


Parameter Description

value1, value2,... 1 to 255 values for which you want to find the smallest value. Note that:
• Arguments can be numbers; names or references that contain numbers; text representations of numbers; or logical values, such as TRUE and FALSE, in a reference.
• If an argument is a reference, only values in that reference are used. Empty fields and text values in the reference are ignored.
• Arguments that contain TRUE evaluate as 1; arguments that contain text or FALSE evaluate as 0 (zero).
• Arguments that are error values or text that cannot be translated into numbers cause errors.
• If the arguments contain no values, MINA returns 0.
• If you do not want to include logical values and text representations of numbers in a reference as part of the calculation, use the MIN function.

Example:

Formula: MINA(REF([Data Set],[Values]))
where Data Set is a cross-reference field and the values in the Values field are FALSE, 0.2, 0.5, 0.4, and 0.8.
Result: Smallest of the numbers given. FALSE evaluates to 0 (0)

MODE Function
The MODE function returns the most frequently occurring, or repetitive, value in a set of data.
Return Type: Numeric
Syntax: MODE(number1,number2,...)
In the above syntax, parameters in bold are required.


Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate the mode.
Arguments can be numbers, names, or references that contain numbers.
If a reference argument contains text, logical values, or empty fields, those values are ignored; however, fields with the value zero are included.
Arguments that are error values or text that cannot be translated into numbers cause errors.
If the data set contains no duplicate data points, MODE returns an error.

The MODE function measures central tendency, which is the location of the center of a group of numbers in a statistical distribution. The three most common measures of central tendency are:
• Average. The arithmetic mean, calculated by adding a group of numbers and then dividing by the count of those numbers. For example, the average of 2, 3, 3, 5, 7, and 10 is 30 divided by 6, which is 5.
• Median. The middle number of a group of numbers; that is, half the numbers have values that are greater than the median, and half the numbers have values that are less than the median. For example, the median of 2, 3, 3, 5, 7, and 10 is 4.
• Mode. The most frequently occurring number in a group of numbers. For example, the mode of 2, 3, 3, 5, 7, and 10 is 3.

For a symmetrical distribution of a group of numbers, these three measures of central tendency are all the same. For a skewed distribution of a group of numbers, they can be different.

Example:

Formula: MODE(REF([Data Set],[Values]))
where Data Set is a cross-reference field and the values in the Values field are 5.6, 4, 4, 3, 2, and 4.
Result: Mode, or most frequently occurring number given (4)


NEGBINOMDIST Function
The NEGBINOMDIST function returns the negative binomial distribution. NEGBINOMDIST
returns the probability that there will be number_f failures before the number_s-th success, when the
constant probability of a success is probability_s. This function is similar to the binomial distribution,
except that the number of successes is fixed, and the number of trials is variable. Like the binomial,
trials are assumed to be independent.
For example, you need to find 10 people with excellent reflexes, and you know the probability that a
candidate has these qualifications is 0.3. NEGBINOMDIST calculates the probability that you will
interview a certain number of unqualified candidates before finding all 10 qualified candidates.
Return Type: Numeric
Syntax: NEGBINOMDIST(number_f,number_s,probability_s)
In the above syntax, parameters in bold are required.

Parameter Description

number_f The number of failures.

Note: If number_f < 0 or number_s < 1, NEGBINOMDIST returns an error. Number_f and number_s are truncated to integers. If any argument is nonnumeric, NEGBINOMDIST returns an error.

number_s The threshold number of successes.

Note: Number_f and number_s are truncated to integers. If any argument is nonnumeric, NEGBINOMDIST returns an error.

probability_s The probability of a success.

Note: If probability_s < 0, if probability_s > 1, or if any argument is nonnumeric, NEGBINOMDIST returns an error.

Example:

Formula: NEGBINOMDIST(10,5,0.25)
Result: Negative binomial distribution for the terms given (0.055049)

NORMDIST Function
The NORMDIST function returns the normal distribution for the specified mean and standard
deviation. This function has a very wide range of applications in statistics, including hypothesis
testing.
Return Type: Numeric
Syntax: NORMDIST(x,mean,standard_dev,cumulative)


In the above syntax, parameters in bold are required.

Parameter Description

x The value for which you want the distribution.

mean The arithmetic mean of the distribution.

Note: If mean = 0, standard_dev = 1, and cumulative = TRUE, NORMDIST returns the standard normal distribution, NORMSDIST. If mean or standard_dev is nonnumeric, NORMDIST returns an error.

standard_dev The standard deviation of the distribution.

Note: If standard_dev ≤ 0, NORMDIST returns an error. If mean = 0, standard_dev = 1, and cumulative = TRUE, NORMDIST returns the standard normal distribution, NORMSDIST. If mean or standard_dev is nonnumeric, NORMDIST returns an error.

cumulative A logical value that determines the form of the function. If cumulative is TRUE,
NORMDIST returns the cumulative distribution function; if FALSE, it returns the
probability mass function.

Note: When cumulative = TRUE, the formula is the integral from negative infinity
to x of the given formula. If mean = 0, standard_dev = 1, and cumulative = TRUE,
NORMDIST returns the standard normal distribution, NORMSDIST.

Examples:

Formula: NORMDIST(42,40,1.5,TRUE)
Result: Cumulative distribution function for the terms given (0.908789)

Formula: NORMDIST(42,40,1.5,FALSE)
Result: Probability mass function for the terms given (0.10934005)

NORMINV Function
The NORMINV function returns the inverse of the normal cumulative distribution for the specified
mean and standard deviation.
Given a value for probability, NORMINV seeks that value x such that NORMDIST(x, mean,
standard_dev, TRUE) = probability. Thus, precision of NORMINV depends on precision of
NORMDIST. NORMINV uses an iterative search technique. If the search has not converged after
100 iterations, the function returns the #N/A error value.
Return Type: Numeric
Syntax: NORMINV(probability,mean,standard_dev)
In the above syntax, parameters in bold are required.


Parameter Description

probability A probability corresponding to the normal distribution.

Note: If probability < 0 or if probability > 1, NORMINV returns the #NUM! error
value. If any argument is nonnumeric, NORMINV returns the #VALUE! error
value.

mean The arithmetic mean of the distribution.

Note: If mean = 0 and standard_dev = 1, NORMINV uses the standard normal distribution. If any argument is nonnumeric, NORMINV returns the #VALUE! error value.

standard_dev The standard deviation of the distribution.

Note: If mean = 0 and standard_dev = 1, NORMINV uses the standard normal distribution. If any argument is nonnumeric, NORMINV returns the #VALUE! error value.

Example:

Formula: NORMINV(0.908789,40,1.5)
Result: Inverse of the normal cumulative distribution for the terms given (42)
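
The inverse relationships described for NORMINV and LOGINV can be checked outside the platform. The following Python sketch is an added example, not Archer code: it assumes bisection as the iterative search (the guide does not name the method), keeps the guide's 100-iteration limit, and uses function names chosen here for illustration.

```python
import math

MAX_ITERATIONS = 100  # iteration limit the guide gives for NORMINV


def normdist_cdf(x, mean, standard_dev):
    """NORMDIST(x, mean, standard_dev, TRUE): cumulative normal distribution."""
    if standard_dev <= 0:
        raise ValueError("standard_dev must be greater than 0")
    z = (x - mean) / standard_dev
    # erfc keeps precision in the lower tail, where 1 + erf(z) would cancel.
    return 0.5 * math.erfc(-z / math.sqrt(2.0))


def norminv(probability, mean, standard_dev,
            max_iterations=MAX_ITERATIONS, tolerance=1e-12):
    """Search for x such that normdist_cdf(x, mean, standard_dev) = probability.

    Bisection is this example's assumption; only the iteration cap and the
    error on non-convergence come from the guide.
    """
    if standard_dev <= 0:
        raise ValueError("standard_dev must be greater than 0")
    # The guide rejects probability < 0 or > 1. The endpoints 0 and 1 have no
    # finite inverse, so this example rejects them as well.
    if not 0.0 < probability < 1.0:
        raise ValueError("probability must lie strictly between 0 and 1")

    # Bracket wide enough that the CDF is 0.0 and 1.0 at its ends in doubles.
    lo = mean - 40.0 * standard_dev
    hi = mean + 40.0 * standard_dev
    for _ in range(max_iterations):
        mid = (lo + hi) / 2.0
        if normdist_cdf(mid, mean, standard_dev) < probability:
            lo = mid
        else:
            hi = mid
        if hi - lo <= tolerance * standard_dev:
            return (lo + hi) / 2.0
    # Documented failure mode: the search did not converge in time.
    raise ArithmeticError("#N/A: search did not converge")


def lognormdist(x, mean, standard_dev):
    """LOGNORMDIST: ln(x) is normal with the given mean and standard_dev."""
    if x <= 0:
        raise ValueError("x must be greater than 0")
    return normdist_cdf(math.log(x), mean, standard_dev)


def loginv(probability, mean, standard_dev):
    """LOGINV: if p = lognormdist(x, ...) then loginv(p, ...) = x."""
    return math.exp(norminv(probability, mean, standard_dev))


if __name__ == "__main__":
    # Values taken from the guide's examples.
    print(round(normdist_cdf(42, 40, 1.5), 6))
    print(round(norminv(0.908789, 40, 1.5), 4))
    print(round(lognormdist(4, 3.5, 1.2), 6))
    print(round(loginv(0.039084, 3.5, 1.2), 4))
```

Because the inverse is found by searching the cumulative function, its precision is bounded by the precision of that function, which is the dependency the NORMINV description points out.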

PEARSON Function
The PEARSON function returns the Pearson product moment correlation coefficient, r, a
dimensionless index that ranges from -1.0 to 1.0 inclusive and reflects the extent of a linear
relationship between two data sets.
Return Type: Numeric
Syntax: PEARSON(values1,values2)
In the above syntax, parameters in bold are required.

Parameter Description

values1 A set of independent values.

Note: The arguments must be numbers, names or references that contain numbers.
If a reference argument contains text, logical values, or empty fields, those values
are ignored; however, fields with the value zero are included. If values1 and values2
are empty or have a different number of data points, PEARSON returns an error.


values2 A set of dependent values.

Note: The arguments must be numbers, names or references that contain numbers.
If a reference argument contains text, logical values, or empty fields, those values
are ignored; however, fields with the value zero are included. If values1 and values2
are empty or have a different number of data points, PEARSON returns an error.

Example:

Formula: PEARSON(REF([Data Set],[Independent Values]), REF([Data Set],[Dependent Values]))
where Data Set is a cross-reference field, the values in the Independent Values field are 9, 7, 5, 3, and 1 and the values in the Dependent Values field are 10, 6, 1, 5, and 3.
Result: Pearson product moment correlation coefficient for the data sets given (0.699379)

PERCENTILE Function
The PERCENTILE function returns the k-th percentile of values in a range. You can use this
function to establish a threshold of acceptance. For example, you can decide to examine candidates
who score above the 90th percentile.
Return Type: Numeric
Syntax: PERCENTILE(values,k)
In the above syntax, parameters in bold are required.

Parameter Description

values The set of fields that defines relative standing.

Note: If the set is empty or contains more than 8,191 data points, PERCENTILE
returns an error.

k The percentile value in the range 0..1, inclusive.

Note: If k is nonnumeric, if k is < 0 or if k > 1, PERCENTILE returns an error. If k is not a multiple of 1/(n - 1), PERCENTILE interpolates to determine the value at the k-th percentile.

Example:

Formula: PERCENTILE(REF([Data Set],[Values]),0.3)
where Data Set is a cross-reference field and the values in the Values field are 1, 3, 2, and 4.
Result: 30th percentile of the list given (1.9)

PERCENTRANK Function
The PERCENTRANK function returns the rank of a value in a data set as a percentage of the data
set. This function can be used to evaluate the relative standing of a value within a data set. For
example, you can use PERCENTRANK to evaluate the standing of an aptitude test score among all
scores for the test.
Return Type: Numeric
Syntax: PERCENTRANK(values,x,significance)
In the above syntax, parameters in bold are required.

Parameter Description

values The reference to a set of fields with numeric values that defines relative standing.

Note: If the set is empty, PERCENTRANK returns an error.

x The value for which you want to know the rank.

Note: If x does not match one of the values in the field, PERCENTRANK
interpolates to return the correct percentage rank.

significance An optional value that identifies the number of significant digits for the returned
percentage value. If omitted, PERCENTRANK uses three digits (0.xxx).

Note: If significance < 1, PERCENTRANK returns an error.

Examples:

Formula: PERCENTRANK(REF([Data Set],[Values]),2)
where Data Set is a cross-reference field and the values in the Values field are 13, 12, 11, 8, 4, 3, 2, 1, 1, and 1.
Result: Percent rank of 2 in the list given (0.333, because 3 values in the set are smaller than 2, and 6 are larger than 2; 3/(3+6)=0.333)

Formula: PERCENTRANK(REF([Data Set],[Values]),4)
where Data Set is a cross-reference field and the values in the Values field are 13, 12, 11, 8, 4, 3, 2, 1, 1, and 1.
Result: Percent rank of 4 in the list given (0.555)

Formula: PERCENTRANK(REF([Data Set],[Values]),8)
where Data Set is a cross-reference field and the values in the Values field are 13, 12, 11, 8, 4, 3, 2, 1, 1, and 1.
Result: Percent rank of 8 in the list given (0.666)

Formula: PERCENTRANK(REF([Data Set],[Values]),5)
where Data Set is a cross-reference field and the values in the Values field are 13, 12, 11, 8, 4, 3, 2, 1, 1, and 1.
Result: Percent rank of 5 in the list given (0.583, one-quarter of the way between the PERCENTRANK of 4 and the PERCENTRANK of 8)
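
The interpolation that PERCENTILE and PERCENTRANK perform can be reproduced as follows. This Python sketch is an added example, not Archer code. It assumes linear interpolation between neighbouring sorted values, truncates the percent rank to the requested digits (inferred from the guide's results 0.555 and 0.666), and raises an error for an x outside the data range, a case the guide does not describe.

```python
import math


def percentile(values, k):
    """k-th percentile (0 <= k <= 1) with interpolation between sorted values."""
    data = sorted(values)
    n = len(data)
    if n == 0 or n > 8191:
        raise ValueError("set is empty or has more than 8,191 data points")
    if not 0 <= k <= 1:
        raise ValueError("k must be in the range 0..1")
    # k maps onto the positions 0 .. n-1 of the sorted list; a position that
    # is not a whole number (k not a multiple of 1/(n-1)) is interpolated.
    position = k * (n - 1)
    lower = math.floor(position)
    if lower + 1 >= n:
        return float(data[-1])
    fraction = position - lower
    return data[lower] + fraction * (data[lower + 1] - data[lower])


def _exact_rank(data, x):
    """smaller / (smaller + larger), as in the guide's 3/(3+6) example."""
    smaller = sum(1 for v in data if v < x)
    larger = sum(1 for v in data if v > x)
    if smaller + larger == 0:
        # Not defined by the guide: every value in the set equals x.
        raise ValueError("rank is undefined when every value equals x")
    return smaller / (smaller + larger)


def percentrank(values, x, significance=3):
    """Rank of x as a fraction of the data set, truncated to `significance` digits."""
    data = sorted(values)
    if not data:
        raise ValueError("set is empty")
    if significance < 1:
        raise ValueError("significance must be at least 1")
    if x < data[0] or x > data[-1]:
        # Assumption of this example: no extrapolation beyond the data.
        raise ValueError("x lies outside the data range")

    if x in data:
        rank = _exact_rank(data, x)
    else:
        # x falls between two data values: interpolate between their ranks.
        below = max(v for v in data if v < x)
        above = min(v for v in data if v > x)
        rank_below = _exact_rank(data, below)
        rank_above = _exact_rank(data, above)
        rank = rank_below + (x - below) / (above - below) * (rank_above - rank_below)

    scale = 10 ** int(significance)
    # Truncate, with a small guard against results such as 699.9999999999999.
    return math.floor(rank * scale + 1e-9) / scale


if __name__ == "__main__":
    scores = [13, 12, 11, 8, 4, 3, 2, 1, 1, 1]  # data from the guide's examples
    for x in (2, 4, 8, 5):
        print(x, percentrank(scores, x))
    print(percentile([1, 3, 2, 4], 0.3))
```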

PERMUT Function
The PERMUT function returns the number of permutations for a given number of objects that can be
selected from number objects. A permutation is any set or subset of objects or events where internal
order is significant. Permutations are different from combinations, for which the internal order is not
significant. Use this function for lottery-style probability calculations.
Return Type: Numeric
Syntax: PERMUT(number,number_chosen)
In the above syntax, parameters in bold are required.

Parameter Description

number An integer that describes the number of objects.

Note: Both arguments are truncated to integers. If number or number_chosen is nonnumeric, if number ≤ 0 or if number_chosen < 0, or if number < number_chosen, PERMUT returns an error.

number_chosen An integer that describes the number of objects in each permutation.

Note: Both arguments are truncated to integers. If number or number_chosen is nonnumeric, if number ≤ 0 or if number_chosen < 0 or if number < number_chosen, PERMUT returns an error.


Example:
You want to calculate the odds of selecting a winning lottery number. Each lottery number contains
three numbers, each of which can be between 0 (zero) and 99, inclusive. The following function
calculates the number of possible permutations.

Formula: PERMUT(100,3)
Result: Permutations possible for the terms given (970200)

POISSON Function
The POISSON function returns the Poisson distribution. A common application of the Poisson
distribution is predicting the number of events over a specific time, such as the number of cars
arriving at a toll plaza in 1 minute.
Return Type: Numeric
Syntax: POISSON(x,mean,cumulative)
In the above syntax, parameters in bold are required.

Parameter Description

x The number of events.

Note: If x is not an integer, it is truncated. If x or mean is non-numeric, or if x < 0, POISSON returns an error.

mean The expected numeric value.

Note: If mean < 0, POISSON returns an error.

cumulative A logical value that determines the form of the probability distribution returned. If
cumulative is TRUE, POISSON returns the cumulative Poisson probability that the
number of random events occurring will be between zero and x inclusive; if FALSE,
it returns the Poisson probability mass function that the number of events occurring
will be exactly x.

Examples:

Formula: POISSON(2,5,TRUE)
Result: Cumulative Poisson probability with the terms given (0.124652)

Formula: POISSON(2,5,FALSE)
Result: Poisson probability mass function with the terms given (0.084224)

PROB Function
The PROB function returns the probability that values in a range are between two limits. If upper_limit is not supplied, PROB returns the probability that values in x_range are equal to lower_limit.


Return Type: Numeric


Syntax: PROB(x_range,prob_range,lower_limit,upper_limit)
In the above syntax, parameters in bold are required.

Parameter Description

x_range The range of numeric values of x with which there are associated probabilities.

Note: If x_range and prob_range contain a different number of data points, PROB
returns an error.

prob_range A set of probabilities associated with values in x_range.

Note: If any value in prob_range ≤ 0 or if any value in prob_range > 1, PROB returns an error. If the sum of the values in prob_range is not equal to 1, PROB returns an error. If x_range and prob_range contain a different number of data points, PROB returns an error.

lower_limit The lower bound on the value for which you want a probability.

upper_limit The optional upper bound on the value for which you want a probability.

Note: If upper_limit is omitted, PROB returns the probability of being equal to lower_limit.

Examples:

Formula: PROB([X Range],[Set of Probabilities],[Lower Limit])
where the values in the X Range field are 0, 1, 2, and 3, the values in the Set of Probabilities field are 0.2, 0.3, 0.1, and 0.4, and the value in the Lower Limit field is 2.
Result: Probability that x is 2 (0.1)

Formula: PROB([X Range],[Set of Probabilities],[Lower Limit],[Upper Limit])
where the values in the X Range field are 0, 1, 2, and 3, the values in the Set of Probabilities field are 0.2, 0.3, 0.1, and 0.4, the value in the Lower Limit field is 1, and the value in the Upper Limit field is 3.
Result: Probability that x is between 1 and 3 (0.8)

QUARTILE Function
The QUARTILE function returns the quartile of a data set. Quartiles often are used in sales and
survey data to divide populations into groups. For example, you can use QUARTILE to find the top
25 percent of incomes in a population.
Return Type: Numeric
Syntax: QUARTILE(range,quart)


In the above syntax, parameters in bold are required.

Parameter Description

range The reference to a range of numeric values for which you want the quartile value.

Note: If this parameter is empty, QUARTILE returns an error.

quart Indicates which value to return.
• If quart equals 0, QUARTILE returns Minimum value.
• If quart equals 1, QUARTILE returns First quartile (25th percentile).
• If quart equals 2, QUARTILE returns Median value (50th percentile).
• If quart equals 3, QUARTILE returns Third quartile (75th percentile).
• If quart equals 4, QUARTILE returns Maximum value.

Note: If quart is not an integer, it is truncated. If quart < 0 or if quart > 4, QUARTILE returns an error. MIN, MEDIAN, and MAX return the same value as QUARTILE when quart is equal to 0 (zero), 2, and 4, respectively.

Example:

Formula: QUARTILE(REF([Data Set], [Values]), 1)
where Data Set is a cross-reference field and the values in the Values field are 1, 2, 4, 7, 8, 9, 10 and 12.
Result: First quartile (25th percentile) of the data given (3.5)

RANK Function
The RANK function returns the rank of a number in a list of numbers. The rank of a number is its
size relative to other values in a list. (If you were to sort the list, the rank of the number would be its
position.)
RANK gives duplicate numbers the same rank. However, the presence of duplicate numbers affects
the ranks of subsequent numbers. For example, in a list of integers sorted in ascending order, if the
number 10 appears twice and has a rank of 5, then 11 would have a rank of 7 (no number would have
a rank of 6).
For some purposes, you might want to use a definition of rank that takes ties into account. In the
previous example, you would want a revised rank of 5.5 for the number 10. This can be done by
adding the following correction factor to the value returned by RANK. This correction factor is
appropriate both for the case where rank is computed in descending order (order = 0 or omitted) or
ascending order (order = nonzero value).


Correction factor for tied ranks = [COUNT(ref) + 1 – RANK(number, ref, 0) – RANK(number, ref, 1)] / 2.
Return Type: Numeric
Syntax: RANK(number,values,order)
In the above syntax, parameters in bold are required.

Parameter Description

number The number whose rank you want to find.

values A reference to a list of numbers. Nonnumeric values are ignored.

order A number specifying how to rank number.
• If order is 0 (zero) or omitted, Archer ranks number as if values were a list sorted in descending order.
• If order is any non-zero value, Archer ranks number as if values were a list sorted in ascending order.

Examples:

Formula: RANK(3.5,REF([Data Set],[Values]),1)
where Data Set is a cross-reference field and the values in the Values field are 7, 3.5, 3.5, 1, and 2.
Result: Rank of 3.5 in the list given (3)
The correction factor is (5 + 1 – 2 – 3)/2 = 0.5 and the revised rank that takes ties into account is 3 + 0.5 = 3.5. If number occurs only once in ref, the correction factor will be 0, since RANK would not have to be adjusted for a tie.

Formula: RANK(7,REF([Data Set],[Values]),1)
where Data Set is a cross-reference field and the values in the Values field are 7, 3.5, 3.5, 1, and 2.
Result: Rank of 7 in the list given (5)
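
The tie behaviour of RANK and the correction factor given above can be traced step by step. This Python sketch is an added example, not Archer code; the function names are chosen here, and raising an error when number is absent from the list is an assumption, since the guide does not describe that case.

```python
def _numeric(values):
    """Keep only numbers; the guide states that nonnumeric values are ignored."""
    return [v for v in values
            if isinstance(v, (int, float)) and not isinstance(v, bool)]


def rank(number, values, order=0):
    """Position of number in values: descending if order is 0, else ascending.

    Duplicates share a rank, and the ranks that follow them are skipped.
    """
    nums = _numeric(values)
    if number not in nums:
        # Assumption of this example: a number not in the list has no rank.
        raise ValueError("number does not occur in values")
    if order == 0:
        return 1 + sum(1 for v in nums if v > number)
    return 1 + sum(1 for v in nums if v < number)


def tie_correction(number, values):
    """[COUNT(ref) + 1 - RANK(number, ref, 0) - RANK(number, ref, 1)] / 2."""
    count = len(_numeric(values))
    return (count + 1 - rank(number, values, 0) - rank(number, values, 1)) / 2


def tie_adjusted_rank(number, values, order=0):
    """RANK plus the correction factor; equals RANK when number is unique."""
    return rank(number, values, order) + tie_correction(number, values)


def ranked_table(values, order=0):
    """(value, rank, tie-adjusted rank) for every numeric value, in input order."""
    nums = _numeric(values)
    return [(v, rank(v, nums, order), tie_adjusted_rank(v, nums, order))
            for v in nums]


if __name__ == "__main__":
    data = [7, 3.5, 3.5, 1, 2]  # values from the guide's RANK examples
    for value, plain, adjusted in ranked_table(data, order=1):
        print(f"{value:>4}  rank={plain}  tie-adjusted={adjusted}")
```

In the ascending table no value receives rank 4: both occurrences of 3.5 take rank 3 and the next value, 7, takes rank 5, while the adjusted rank of 3.5 is the average of the two positions it occupies.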


RSQ Function
The RSQ function returns the square of the Pearson product moment correlation coefficient through data points in known_y's and known_x's. For more information, see the PEARSON function. The r-squared value can be interpreted as the proportion of the variance in y attributable to the variance in x. Note that:
• Arguments can either be numbers, names, or references that contain numbers.
• Logical values and text representations of numbers that you type directly into the list of arguments are counted.
• If a reference argument contains text, logical values, or empty fields, those values are ignored; however, fields with the value zero are included.
• Arguments that are error values or text that cannot be translated into numbers cause errors.

Return Type: Numeric


Syntax: RSQ(known_y's,known_x's)
In the above syntax, parameters in bold are required.

Parameter Description

known_y's A set of data points.

known_x's A set of data points.

Note: If known_y's and known_x's are empty or have a different number of data points, RSQ returns
an error. If known_y's and known_x's contain only 1 data point, RSQ returns an error.

Example:

Formula: RSQ(REF([Data Set],[Known Y]),REF([Data Set],[Known X]))
where Data Set is a cross-reference field, the values in the Known Y field are 2, 3, 9, 1, 8, 7, and 5, and the values in the Known X field are 6, 5, 11, 7, 5, 4, and 4.
Result: Square of the Pearson product moment correlation coefficient through data points given (0.05795)

SKEW Function
The SKEW function returns the skewness of a distribution. Skewness characterizes the degree of
asymmetry of a distribution around its mean. Positive skewness indicates a distribution with an
asymmetric tail extending toward more positive values. Negative skewness indicates a distribution
with an asymmetric tail extending toward more negative values.
Return Type: Numeric


Syntax: SKEW(number1,number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate skewness.

Note: Arguments can be numbers, names, or references that contain numbers. Logical values and text representations of numbers that you type directly into the list of arguments are counted. If a reference argument contains text, logical values, or empty fields, those values are ignored; however, fields with the value zero are included. Arguments that are error values or text that cannot be translated into numbers cause errors. If there are fewer than three data points, or the sample standard deviation is zero, SKEW returns an error.

Example:

Formula: SKEW(REF([Data Set],[Values]))
where Data Set is a cross-reference field and the values in the Values field are 3, 4, 5, 2, 3, 4,
5, 6, 4, and 7.
Result: Skewness of a distribution of the data set given (0.359543)

SLOPE Function
The SLOPE function returns the slope of the linear regression line through data points in known_y's
and known_x's. The slope is the vertical distance divided by the horizontal distance between any two
points on the line, which is the rate of change along the regression line.
The underlying algorithm used in the SLOPE and INTERCEPT functions is different than the
underlying algorithm used in the LINEST function. The difference between these algorithms can
lead to different results when data is undetermined and collinear. For example, if the data points of
the known_y's argument are 0 and the data points of the known_x's argument are 1, then:
• SLOPE and INTERCEPT return errors. The SLOPE and INTERCEPT algorithm is designed to
look for one and only one answer, and in this case there can be more than one answer.
• LINEST returns a value of 0. The LINEST algorithm is designed to return reasonable results for
collinear data, and in this case at least one answer can be found.

Return Type: Numeric


Syntax: SLOPE(known_y's,known_x's)
In the above syntax, parameters in bold are required.

Parameter Description

known_y's A set of numeric dependent data points.

known_x's The set of independent data points.

Note: The arguments must be numbers, names, or references that contain numbers. If a reference
argument contains text, logical values, or empty fields, those values are ignored; however, fields
with the value zero are included. If known_y's and known_x's are empty or have a different number
of data points, SLOPE returns an error.

Example:

Formula: SLOPE(REF([Data Set],[Known Y]),REF([Data Set],[Known X]))
where Data Set is a cross-reference field, the values in the Known Y field are 2, 3, 9, 1, 8, 7,
and 5, and the values in the Known X field are 6, 5, 11, 7, 5, 4, and 4.
Result: Slope of the linear regression line through the data points given (0.305556)

SMALL Function
The SMALL function returns the k-th smallest value in a data set. Use this function to return values
with a particular relative standing in a data set. If n is the number of data points in the values field,
SMALL(values,1) equals the smallest value and SMALL(values,n) equals the largest value.
Return Type: Numeric
Syntax: SMALL(values,k)
In the above syntax, parameters in bold are required.

Parameter Description

values A set of numeric data for which you want to determine the k-th smallest value.

Note: If the set is empty, SMALL returns an error.

k The position (from the smallest) in the set of fields to return.

Note: If k ≤ 0 or if k exceeds the number of data points, SMALL returns an error.

Examples:

Formula: SMALL(REF([Data Set],[Values]),4)
where Data Set is a cross-reference field and the values in the Values field are 3, 4, 5, 2, 3, 4,
6, 4, and 7.
Result: 4th smallest number in the set of fields (4)

Formula: SMALL(REF([Data Set],[Values]),2)
where Data Set is a cross-reference field and the values in the Values field are 1, 4, 8, 3, 7, 12,
54, 8, and 23.
Result: 2nd smallest number in the set of fields (3)

STANDARDIZE Function
The STANDARDIZE function returns a normalized value from a distribution characterized by mean
and standard_dev.
Return Type: Numeric
Syntax: STANDARDIZE(x,mean,standard_dev)
In the above syntax, parameters in bold are required.

Parameter Description

x The value that you want to normalize.

mean The arithmetic mean of the distribution.

standard_dev The standard deviation of the distribution.

Example:

Formula: STANDARDIZE(42,40,1.5)
Result: Normalized value of 42 for the terms given (1.333333)

STDEV Function
The STDEV function estimates standard deviation based on a sample. The standard deviation is a
measure of how widely values are dispersed from the average value (the mean).
STDEV assumes that its arguments are a sample of the population. If your data represents the entire
population, compute the standard deviation using STDEVP.
The standard deviation is calculated using the "n-1" method. To include logical values and text
representations of numbers in a reference as part of the calculation, use the STDEVA function.
Return Type: Numeric
Syntax: STDEV(number1,number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1,number2,... 1 to 255 number arguments corresponding to a sample of a population. You
can also use a reference to a set of fields instead of arguments separated by commas.

Note: Arguments can be numbers, names, or references that contain numbers. Logical values and
text representations of numbers that you type directly into the list of arguments are counted.
If an argument is a reference, only numbers in that reference are counted. Empty fields, logical
values, text, or error values in the reference are ignored. Arguments that are error values or
text that cannot be translated into numbers cause errors.

Example:
10 tools stamped from the same machine during a production run are collected as a random sample
and measured for breaking strength.

Formula: STDEV(REF([Data Set],[Breaking Strength]))
where Data Set is a cross-reference field and the values in the Breaking Strength field are 1345,
1301, 1368, 1322, 1310, 1370, 1318, 1350, 1303, and 1299.
Result: Standard deviation of breaking strength (27.46391572)

STDEVA Function
The STDEVA function estimates standard deviation based on a sample. The standard deviation is a
measure of how widely values are dispersed from the average value (the mean). The standard
deviation is calculated using the "n-1" method.
STDEVA assumes that its arguments are a sample of the population. If your data represents the
entire population, you must compute the standard deviation using STDEVPA.
If you do not want to include logical values and text representations of numbers in a reference as
part of the calculation, use the STDEV function.
Return Type: Numeric
Syntax: STDEVA(value1,value2,...)
In the above syntax, parameters in bold are required.

Parameter Description

value1,value2,... 1 to 255 values corresponding to a sample of a population. You can also use a
reference to a set of fields instead of arguments separated by commas.

Note: Arguments can be the following: numbers; names or references that contain numbers; text
representations of numbers; or logical values, such as TRUE and FALSE, in a reference. Arguments
that contain TRUE evaluate as 1; arguments that contain text or FALSE evaluate as 0 (zero). If an
argument is a reference, only values in that reference are used. Empty cells and text values in
the reference are ignored. Arguments that are error values or text that cannot be translated into
numbers cause errors.

Example:
10 tools stamped from the same machine during a production run are collected as a random sample
and measured for breaking strength.

Formula: STDEVA(REF([Data Set],[Breaking Strength]))
where Data Set is a cross-reference field and the values in the Breaking Strength field are 1345,
1301, 1368, 1322, 1310, 1370, 1318, 1350, 1303, and 1299.
Result: Standard deviation of breaking strength for all the tools (27.46391572)

STDEVP Function
The STDEVP function calculates standard deviation based on the entire population given as
arguments. The standard deviation is a measure of how widely values are dispersed from the
average value (the mean).
STDEVP assumes that its arguments are the entire population. If your data represents a sample of
the population, compute the standard deviation using STDEV.
For large sample sizes, STDEV and STDEVP return approximately equal values.
The standard deviation is calculated using the "n" method.
To include logical values and text representations of numbers in a reference as part of the
calculation, use the STDEVPA function.
Return Type: Numeric
Syntax: STDEVP(number1,number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1,number2,... 1 to 255 number arguments corresponding to a population. You can also use
a reference to a set of fields instead of arguments separated by commas.

Note: Arguments can be numbers, names, or references that contain numbers. Logical values and
text representations of numbers that you type directly into the list of arguments are counted.
If an argument is a reference, only numbers in that reference are counted. Empty fields, logical
values, text, or error values in the reference are ignored. Arguments that are error values or
text that cannot be translated into numbers cause errors.

Example:
10 tools stamped from the same machine during a production run are collected as a random sample
and measured for breaking strength.

Formula: STDEVP(REF([Data Set],[Breaking Strength]))
where Data Set is a cross-reference field and the values in the Breaking Strength field are 1345,
1301, 1368, 1322, 1310, 1370, 1318, 1350, 1303, and 1299.
Result: Standard deviation of breaking strength, assuming only 10 tools are produced
(26.05455814)

STDEVPA Function
The STDEVPA function calculates standard deviation based on the entire population given as
arguments, including text and logical values. The standard deviation is a measure of how widely
values are dispersed from the average value (the mean).
STDEVPA assumes that its arguments are the entire population. If your data represents a sample of
the population, you must compute the standard deviation by using STDEVA.
For large sample sizes, STDEVA and STDEVPA return approximately equal values.
If you do not want to include logical values and text representations of numbers in a reference as
part of the calculation, use the STDEVP function.
The standard deviation is calculated using the "n" method.
Return Type: Numeric
Syntax: STDEVPA(value1,value2,...)
In the above syntax, parameters in bold are required.

Parameter Description

value1,value2,... 1 to 255 values corresponding to a population. You can also use a reference to a
set of fields instead of arguments separated by commas.

Note: Arguments can be the following: numbers; names or references that contain numbers; text
representations of numbers; or logical values, such as TRUE and FALSE, in a reference. Text
representations of numbers that you type directly into the list of arguments are counted.
Arguments that contain TRUE evaluate as 1; arguments that contain text or FALSE evaluate as 0
(zero). If an argument is a reference, only values in that reference are used. Empty fields and
text values in the reference are ignored. Arguments that are error values or text that cannot be
translated into numbers cause errors.

Example:
10 tools stamped from the same machine during a production run are collected as a random sample
and measured for breaking strength.

Formula: STDEVPA(REF([Data Set],[Breaking Strength]))
where Data Set is a cross-reference field and the values in the Breaking Strength field are 1345,
1301, 1368, 1322, 1310, 1370, 1318, 1350, 1303, and 1299.
Result: Standard deviation of breaking strength, assuming only 10 tools are produced
(26.05455814)

STEYX Function
The STEYX function returns the standard error of the predicted y-value for each x in the regression.
The standard error is a measure of the amount of error in the prediction of y for an individual x.
Return Type: Numeric
Syntax: STEYX(known_y's,known_x's)
In the above syntax, parameters in bold are required.

Parameter Description

known_y's A set of dependent data points.

known_x's A set of independent data points.

Note: Arguments can be numbers, names, or references that contain numbers. Logical values and
text representations of numbers that you type directly into the list of arguments are counted. If a
reference argument contains text, logical values, or empty fields, those values are ignored; however,
fields with the value zero are included. Arguments that are error values or text that cannot be
translated into numbers cause errors. If known_y's and known_x's have a different number of data
points, STEYX returns an error. If known_y's and known_x's are empty or have fewer than three data
points, STEYX returns an error.

Example:

Formula: STEYX(REF([Data Set],[Dependent Data]), REF([Data Set],[Independent Data]))
where Data Set is a cross-reference field, the values in the Dependent Data field are 2, 3, 9, 1,
8, 7, and 5, and the values in the Independent Data field are 6, 5, 11, 7, 5, 4, and 4.
Result: Standard error of the predicted y-value for each x in the regression (3.305719)

SUM Function
The SUM function adds all of the numbers in the specified parameters. If the SUM function
references a multi-selection values list, it can be used with the SELECTED function to return the
sum of the numeric values for each of the currently selected items.
Return Type: Numeric
Syntax: SUM(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2,... Parameters for which you want the total value. These parameters can be
entered as hard-coded values, for example, 2, or Numeric-field references, for example, [field
name]. Referenced fields can reside within the application or within Sub-Form, Cross-Reference,
or Related Records fields.

Examples:

Formula: SUM(3, [Risk])
where the value in the Risk field is 12.
Result: 15

Formula: SUM([Risk], [Criticality])
where the value in the Risk field is 12 and the value in the Criticality field is 7.
Result: 19

Formula: SUM(REF([Orders],[Price]))
where the values in the Price field within the Orders sub-form are 120.00, 50.19, and 32.75.
Result: 202.94

Formula: SUM(SELECTEDVALUENUMBER([Key Factors]))
where Key Factors is a multi-selection Values List field and the numeric values of the current
selections are 3, 8, 4, and 10.
Result: 25

SUMIF Function
The SUMIF function sums the values of a specified Numeric field across all records in a Sub-Form,
Cross-Reference, Related Records, or Scheduler field that contain a specific value in a given field.
For example, you can return the sum of all Price field values across all cross-referenced records in
which the Status field is set to “Shipped.”
Return Type: Numeric
Syntax: SUMIF(eval_field_ref, criterion, sum_field_ref)
In the above syntax, parameters in bold are required.

Parameter Description

eval_field_ref The reference to the field against which the criterion will be evaluated.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref will also act as the
field to sum.

criterion The test that will be performed against eval_field_ref to determine whether a given
record will be qualified for the sum operation. The criterion can involve Values List,
User/Groups List, and Record Permissions fields as well as fields containing
numeric, text, and date type values.
• Values Lists. If eval_field_ref is a Values List field, enclose the criterion value
in VALUEOF or supply it as a quoted literal string, for example, "Dallas".
• User/Groups List and Record Permissions Fields. If eval_field_ref is a
User/Groups List or Record Permissions field, enclose the criterion value in
USER or GROUP (as appropriate for the criterion).
• Text, Numeric, or Date Fields. If eval_field_ref is a Text, Numeric, or Date
field, the criterion must be enclosed in quotes, for example, ">56", and the
criterion can involve any of the supported comparison operators (=, <, >, <=, >=,
<>).

Note: The evaluation will always result in no matches if there is a space between
the operator and the test value. For example, if the intent is to sum a given Numeric
field across all sub-form records where another given field contains a numeric
value greater than 56, a space cannot appear in the formula between the ">" and the
"56".

If a function is used in the criterion, the function must be concatenated to the
comparison operator. For example, the proper criterion syntax for specifying
"greater than today" would be:
">"&TODAY( )
The criterion parameter supports the use of literal dates or a date value derived from
the TODAY function. If a literal date string is specified, it must be wrapped in a
DATETIMEVALUE function.

sum_field_ref The reference to a Numeric field that will be summed across all qualified records.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref will also act as the
field to sum.

Examples:

Formula: SUMIF(REF([Cases], [Status]), VALUEOF(REF([Cases], [Status]), "Open"),REF([Cases], [Time Spent]))
where:
• The name of the Cross-Reference field is Cases.
• The Status Values List field contains the values to be evaluated.
• The criterion for matching on the Status field is the selection “Open”.
• Time Spent is a Numeric field containing the numeric values to be summed.
• The sum of Time Spent across all “Open” cases is 832 minutes.
Result: 832

Formula: SUMIF(REF([Items], [Line Item Cost]), ">5.99",REF([Items], [Line Total]))
where:
• The name of the Sub-Form field is Items.
• The Line Item Cost Numeric field in the related sub-form contains the data to be evaluated.
• The criterion for matching on Line Item Cost is values greater than 5.99.
• Line Total is a Numeric field containing the numeric values to be summed.
• The sum of Line Total across all sub-form records where Line Item Cost is greater than 5.99 is
2378.10.
Result: 2378.10

Formula: SUMIF(REF([Properties], [Sale Price]), ">=150000")
where:
• The name of the Cross-Reference field is Properties.
• The Sale Price Numeric field in the related application contains the data to be evaluated.
• The criterion for matching on Sale Price is values greater than or equal to 150000.
• The sum of Sale Price across all related records where Line Item Cost is greater than or equal
to 150000 is 1654887.
Result: 2654887

Note: In this example, the sum_field_ref is not passed to SUMIF. As a result, the
system will use Sale Price for evaluation purposes and for summing.

Formula: SUMIF(REF([Properties], [Sale Date]), ">="&DATETIMEVALUE("7/1/2008"),REF([Properties], [Sale Price]))
where:
• The name of the Cross-Reference field is Properties.
• The Sale Date field in the related application contains the data to be evaluated.
• The criterion for matching on Sale Date is dates greater than or equal to 7/1/2008.
• Sale Price is a Numeric field containing the numeric values to be summed.
• The sum of Sale Price across all related records where Sale Date is greater than or equal to
7/1/2008 is 1299000.
Result: 1299000
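
The SUMIF criterion rules (no space between the comparison operator and the test value, and literal dates wrapped in DATETIMEVALUE) can be checked before a formula is saved, since a malformed criterion produces no matches rather than an error. The following Python check is an added example, not part of this guide or the RSA Archer product; the function names, issue codes, the m/d/yyyy date heuristic, and the sample formulas marked as constructed (including the Due Date field) are assumptions.

```python
import re

# Comparison operators listed for SUMIF criteria, longest first so ">=" is tried before ">".
COMPARISON_OPS = ("<=", ">=", "<>", "=", "<", ">")
# Heuristic (assumption): a bare literal date looks like m/d/yyyy, as in the guide's 7/1/2008.
BARE_DATE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4}$")

# The two "ok" formulas are the guide's own examples; the other three are constructed.
SAMPLE_FORMULAS = {
    "ok_numeric": 'SUMIF(REF([Items], [Line Item Cost]), ">5.99",REF([Items], [Line Total]))',
    "ok_date": 'SUMIF(REF([Properties], [Sale Date]), ">="&DATETIMEVALUE("7/1/2008"),'
               'REF([Properties], [Sale Price]))',
    "spaced": 'SUMIF(REF([Items], [Line Item Cost]), "> 5.99",REF([Items], [Line Total]))',
    "bare_date": 'SUMIF(REF([Properties], [Sale Date]), ">=7/1/2008",'
                 'REF([Properties], [Sale Price]))',
    "spaced_today": 'SUMIF(REF([Cases], [Due Date]), "> "&TODAY( ),REF([Cases], [Time Spent]))',
}


def call_args(formula, start):
    """Return the top-level arguments of a call whose opening '(' ends just before `start`.

    Commas inside quotes, nested parentheses, or [field name] brackets do not split.
    Returns None when the call is never closed.
    """
    args, current, depth, in_quote = [], [], 0, False
    for ch in formula[start:]:
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote:
            if ch in "([":
                depth += 1
            elif ch in ")]":
                if ch == ")" and depth == 0:
                    args.append("".join(current).strip())
                    return args
                depth -= 1
            elif ch == "," and depth == 0:
                args.append("".join(current).strip())
                current = []
                continue
        current.append(ch)
    return None


def check_criterion(criterion):
    """Return an issue code for one criterion argument, or None if both checks pass."""
    m = re.match(r'"([^"]*)"', criterion)
    if m is None:
        return None  # not a quoted literal, e.g. VALUEOF(...), USER(...), GROUP(...)
    literal = m.group(1)
    for op in COMPARISON_OPS:
        if literal.startswith(op):
            operand = literal[len(op):]
            if operand[:1].isspace():
                return "space-after-operator"      # documented to match nothing
            if BARE_DATE.match(operand):
                return "literal-date-not-wrapped"  # should use DATETIMEVALUE(...)
            return None
    return None  # plain quoted value such as "Dallas"


def lint_formula(formula):
    """Return a list of (criterion_text, issue_code) for every SUMIF call in the formula."""
    findings = []
    for m in re.finditer(r"\bSUMIF\s*\(", formula, flags=re.IGNORECASE):
        args = call_args(formula, m.end())
        if args is None or len(args) < 2:
            findings.append((formula[m.start():], "unparseable-call"))
            continue
        issue = check_criterion(args[1])
        if issue:
            findings.append((args[1], issue))
    return findings


if __name__ == "__main__":
    for name, formula in SAMPLE_FORMULAS.items():
        print(name, lint_formula(formula) or "ok")
```
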

SUMPRODUCT Function
The SUMPRODUCT function multiplies corresponding components in the given sets of fields, and
returns the sum of those products.
Return Type: Numeric
Syntax: SUMPRODUCT(values1,values2,values3, ...)
In the above syntax, parameters in bold are required.

Parameter Description

values1, values2, values3, ... 2 to 255 sets of values whose components you want to multiply
and then add.

Note: The respective arguments must have the same dimensions. If they do not,
SUMPRODUCT returns an error. SUMPRODUCT treats field entries that are not
numeric as if they were zeros.

Example:

Formula: SUMPRODUCT(REF([Data Set],[Values1]),REF([Data Set],[Values2]))
where Data Set is a cross-reference field and the values in the Values1 field are 3, 4, 8, 6, 1,
and 9, and the values in the Values2 field are 2, 7, 6, 7, 5, and 3.
Result: Multiplies all the components of the two arrays and then adds the products, that is,
3*2 + 4*7 + 8*6 + 6*7 + 1*5 + 9*3. (156)

SUMSQ Function
The SUMSQ function returns the sum of the squares of the arguments.

Return Type: Numeric


Syntax: SUMSQ(number1,number2, ...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2, ... 1 to 255 arguments for which you want the sum of the squares. You can
also use a reference to an array instead of arguments separated by commas.

Note: Arguments can be numbers, names, or references that contain numbers. Numbers, logical
values, and text representations of numbers that you type directly into the list of arguments
are counted. If an argument is a reference, only numbers in that reference are counted. Empty
cells, logical values, text, or error values are ignored. Arguments that are error values or text
that cannot be translated into numbers cause errors.

Example:

Formula: SUMSQ(3,4)
Result: Sum of the squares of 3 and 4 (25)

SUMX2PY2 Function
The SUMX2PY2 function returns the sum of the sum of squares of corresponding values in two sets
of fields. The sum of the sum of squares is a common term in many statistical calculations.
Return Type: Numeric
Syntax: SUMX2PY2(values_x,values_y)
In the above syntax, parameters in bold are required.

Parameter Description

values_x The first set of fields.

values_y The second set of fields.

Note: The arguments should be numbers, names, or references that contain numbers. If a reference
argument contains text, logical values, or empty cells, those values are ignored; however, fields with
the value zero are included. If values_x and values_y have a different number of values,
SUMX2PY2 returns an error.

Example:

Formula: SUMX2PY2(REF([Data Set],[Values1]), REF([Data Set],[Values2]))
where Data Set is a cross-reference field, the values in the Values1 field are 2, 3, 9, 1, 8, 7,
and 5, and the values in the Values2 field are 6, 5, 11, 7, 5, 4, and 4.
Result: Sum of the sum of squares of the two sets of fields given (521)

SUMXMY2 Function
The SUMXMY2 function returns the sum of squares of differences of corresponding values in two
sets of fields.
Return Type: Numeric
Syntax: SUMXMY2(values_x,values_y)
In the above syntax, parameters in bold are required.

Parameter Description

values_x The first set of fields.

values_y The second set of fields.

Note: The arguments should be numbers, names, or references that contain numbers. If a reference
argument contains text, logical values, or empty cells, those values are ignored; however, fields with
the value zero are included. If values_x and values_y have a different number of values,
SUMXMY2 returns an error.

Examples:

Formula: SUMXMY2(REF([Data Set],[Values1]), REF([Data Set],[Values2]))
where Data Set is a cross-reference field, the values in the Values1 field are 2, 3, 9, 1, 8, 7,
and 5, and the values in the Values2 field are 6, 5, 11, 7, 5, 4, and 4.
Result: Sum of squares of differences of the two arrays given (79)

Formula: SUMXMY2({2, 3, 9, 1, 8, 7, 5}, {6, 5, 11, 7, 5, 4, 4})
Result: Sum of squares of differences of the two array constants (79)

TRIMMEAN Function
The TRIMMEAN function returns the mean of the interior of a set of data. The value is derived by
determining the mean of a series of values and excluding a percentage of the top and bottom values
from the data set. This function can be used to eliminate outliers when determining the mean.

Return Type: Numeric


Syntax: TRIMMEAN(values,percent)
In the above syntax, parameters in bold are required.

Parameter Description

values A set of values.

percent This is the percent of data points to exclude when determining the mean. For
example, if the percent parameter is .2 and the number of values in the data series is
100, 20 data points will be excluded when determining the mean (100 x .2 = 20).
Within the excluded data points for this example, the calculation will exclude the 10
highest values and the 10 lowest values.

Note: This function rounds the number of excluded data points down to the nearest
multiple of 2. For example, if the percent is .1 and the number of data points is 30,
the number of excluded data points should be 3. However, since this returns an odd
number, TRIMMEAN will round this number down to 2 and exclude the highest
value and the lowest value in the data series.

Example:

Formula: TRIMMEAN(REF([Facilities],[Risk Rating]), .2)
where Facilities is a cross-reference field and the values in the Risk Rating field are
35, 50, 52, 60, 68, 75, 79, 82, 86, and 100.
Result: 69
The values 45 and 92 were thrown out (since 20% of the values were to be excluded) and the
function found the mean of the remaining values.
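
The round-down rule from the percent note, written out as an added Python example (not code from this guide or from the product). The function name, the returned tuple, and the rejection of empty input or of percent values outside 0 to 1 are assumptions.

```python
import math


def trimmean(values, percent):
    """Return (mean, excluded_count) following the documented TRIMMEAN rule.

    The number of excluded points is len(values) * percent, rounded down to the
    nearest multiple of 2, and split evenly between the lowest and highest values.
    """
    if not values:
        raise ValueError("values is empty")            # assumption: treated as an error
    if not 0 <= percent < 1:
        raise ValueError("percent must be in [0, 1)")  # assumption: treated as an error

    n = len(values)
    excluded = math.floor(n * percent)  # e.g. 30 * .1 -> 3
    excluded -= excluded % 2            # odd counts drop to the even number below: 3 -> 2
    per_tail = excluded // 2            # same number removed from each end

    kept = sorted(values)[per_tail:n - per_tail]
    return sum(kept) / len(kept), excluded


if __name__ == "__main__":
    risk_ratings = [35, 50, 52, 60, 68, 75, 79, 82, 86, 100]  # data set from the example above
    print(trimmean(risk_ratings, .2))           # 10 points at 20%: 2 excluded
    print(trimmean(list(range(1, 31)), .1))     # 30 points at 10%: 3 rounds down to 2
    print(trimmean(list(range(1, 101)), .2))    # 100 points at 20%: 10 lowest and 10 highest
```
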

VAR Function
The VAR function estimates the variance based on a sample of numbers. This function can compute
the variance for up to 255 different values.
Return Type: Numeric
Syntax: VAR(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2, ... Parameters for which you want to find the variance. These parameters can
be entered as hard-coded values, for example, 2, or Numeric-field references, for example,
[field name]. Referenced fields can reside within the application or within Sub-Form,
Cross-Reference, or Related Records fields.

Note: This function assumes the numbers represent a sample from the overall
population. If your data set represents the entire population, you must compute the
variance using VARP.

Example:

Formula: VAR(REF([Facilities],[Risk Rating]))
where the parent record is related to 10 Facilities records and the values in the Risk
Rating field are 35, 50, 52, 60, 68, 75, 79, 82, 86, and 100.
Result: 382.4556

VARA Function
The VARA function estimates the variance based on a sample of numbers, text, or logical values
(TRUE or FALSE).
Return Type: Numeric
Syntax: VARA(value1, value2,...)
In the above syntax, parameters in bold are required.

Parameter Description

value1,value2,... Parameters for which you want to find the variance. These parameters can be
entered as hard-coded values, for example, 2, or field references, for example,
[field name]. Referenced fields can reside within the application or within Sub-Form,
Cross-Reference, or Related Records fields. If logical values (TRUE or
FALSE) are used, they are evaluated as 1 and 0, respectively.

Note: This function assumes the numbers represent a sample from the overall
population. If your data set represents the entire population, you must compute the
variance using VARPA.

Example:

Formula: VARA([Offshore Facilities],[Risk Rating],[Customer Data])
where the value of the Offshore Facilities field is "True", the value of the Risk Rating
field is "10", and the value of the Customer Data field is "False".
Result: 30.33333

VARP Function
The VARP function estimates the variance based on the entire population. This function can
compute the variance for up to 255 different values.
Return Type: Numeric
Syntax: VARP(number1, number2,...)
In the above syntax, parameters in bold are required.

Parameter Description

number1, number2, ... Parameters for which you want to find the variance. These parameters can
be entered as hard-coded values, for example, 2, or Numeric-field references, for example,
[field name]. Referenced fields can reside within the application or within Sub-Form,
Cross-Reference, or Related Records fields.

Note: This function assumes that the numbers represent the entire population. If
your data set represents a sample population, you must compute the variance using
VAR.

Example:

Formula: VARP(REF([Facilities],[Risk Rating]))
where the parent record is related to 10 Facilities records and the values in the Risk
Rating field are 35, 50, 52, 60, 68, 75, 79, 82, 86, and 100.
Result: 344.21

VARPA Function
The VARPA function estimates the variance based on a total population of numbers, text or logical
values (TRUE or FALSE).
Return Type: Numeric
Syntax: VARPA(value1, value2,...)
In the above syntax, parameters in bold are required.

Parameter Description

value1,value2,... Parameters for which you want to find the variance. These parameters can be
entered as hard-coded values, for example, 2, or field references, for example,
[field name]. Referenced fields can reside within the application or within Sub-Form,
Cross-Reference, or Related Records fields. If logical values (TRUE or
FALSE) are used, they are evaluated as 1 and 0, respectively.

Note: This function assumes the numbers represent the entire population. If your
data set represents a sample population, you must compute the variance using
VARA.

Example:

Formula: VARPA([Offshore Facilities],[Risk Rating],[Customer Data])
where the value of the Offshore Facilities field is "True", the value of the Risk Rating
field is "10", and the value of the Customer Data field is "False".
Result: 20.22222

WEIBULL Function
The WEIBULL function returns the Weibull distribution. You can use this distribution in reliability
analysis.
Return Type: Numeric
Syntax: WEIBULL(x,alpha,beta,cumulative)
In the above syntax, parameters in bold are required.

Parameter Description

x The value of the function.

Note: If x is nonnumeric or if x < 0, WEIBULL returns an error.

alpha A parameter value for the distribution.

Note: If alpha ≤ 0, WEIBULL returns an error.

beta The other parameter value for the distribution.

Note: If beta ≤ 0, WEIBULL returns an error.

cumulative A logical value that indicates which form of the function to provide. If cumulative is
TRUE, WEIBULL returns the cumulative distribution function; if FALSE, it returns
the probability density function.

Examples:

Formula: WEIBULL(210,40,200,TRUE)
Result: .999124

Formula: WEIBULL(210,40,200,FALSE)
Result: .001175

ZTEST Function
The ZTEST function returns the one-tailed probability value of a z-test. The function returns the
probability that the sample mean would be greater than the average of observations in the data set.
Return Type: Numeric
Syntax: ZTEST(values,test,sigma)
In the above syntax, parameters in bold are required.

Parameter Description

values A range of values.

Note: If a reference argument contains text, logical values, or empty fields, those
values are ignored; however, fields with the value zero are included.

test The value to test.

sigma The population standard deviation. If this value is not provided, the sample standard
deviation is used.

Example:

Formula: ZTEST(REF([Facilities],[Risk Rating]),85)
where Facilities is a cross-reference field and the values in the Risk Rating field are 35,
50, 52, 60, 68, 75, 79, 82, 86, and 100.
Result: .99580

CONTAINS Function
The CONTAINS function is used to determine if any value within a list of values matches the value
stored in a given field. If one of the values matches the field value, the function evaluates to TRUE
and one value is returned. If there is no match between the list of values and the field value, the
function evaluates to FALSE and another value is returned. The CONTAINS function must be used
in conjunction with an IF function.

Although done infrequently, the CONTAINS function may be used to test whether the string value of
a given Text field is equal to any one of a list of given string values. When a Text field is targeted,
the string value in the field will be compared to the given test strings. Matching will be based on
complete strings only. The function will not find a match based on a substring. For example, if the
target Text field contains the value “Confiscated laptop”, CONTAINS will not find a match for a
test string of “laptop”.
Return Type: TRUE or FALSE
Syntax: IF(CONTAINS(eval_type, field_ref, value1, value2...),value_if_true,value_if_false)
In the above syntax, parameters in bold are required.

Parameter Description

eval_type One of the following evaluation type keywords:

• ANY. Specifies that the targeted field must contain at least one of the given
selections.

• EXACT. Specifies that the targeted field must contain each of the given
selections and only those selections.

• ALL. Specifies that the target field must, at a minimum, contain each of the
given selections. When using ALL, CONTAINS will still return TRUE even if
there are selections in the field in addition to the ones specified.

Note: When targeting a Text field, CONTAINS will return TRUE if one or more of
the supplied test strings match the string value of the Text field. The behavior of
EXACT and ALL is the same when targeting a text field. When using EXACT or
ALL against a Text field, only one test string should be specified because a Text
field can have only one value.

field_ref A reference to a field, for example, [field name]. The reference must be a Values
List, User/Groups List, Record Permissions, or Text field.


value1, value2, ... Any one of the following:

• One or more string values supplied as a potential match for the values selected in
the targeted list field. (When evaluating the selections in a Values List field, the
test string values should be enclosed in a VALUEOF function.)

• One or more references to additional Values List, User/Groups List, or Record
Permissions fields. At runtime, the system will extract the list of selections in the
supplied fields and treat those values as strings (or user/group IDs) to be tested
against the selections in the targeted field.

Note: When referencing multiple fields to obtain test values, all fields must be of
the same type and that type must match the type of the target field. When
referencing a User/Groups List or Record Permissions field to obtain test values,
the field reference must be wrapped in either the GETUSERS or GETGROUPS
function to provide the proper context for retrieving the selections. Selections in
User/Groups List and Record Permissions fields will be returned as IDs, while
selections in a Values List field will be returned as strings.

• A combination of both literal values and field references. At runtime, the system
will extract the list of selections for any referenced field and, conceptually,
marry those selections to the literal values provided to form a single list of
selections to test against the target field.

Examples:

Formula Result

IF(CONTAINS(ANY, [Location], VALUEOF([Office], "Chicago", "Local", "Global"))) Local
where the selected value in Location is Chicago.

IF(CONTAINS(ANY, [Region], VALUEOF([Office], "Connecticut", "New York", "Massachusetts"), VALUEOF ([Office], "Kansas", "Illinois", "Texas")) Connecticut, New York, Massachusetts
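The ANY, EXACT, and ALL evaluation types described above can be modelled as set operations. The following Python sketch is an added illustration, not Archer code: the function names are hypothetical, the sample values are constructed, and exact case-sensitive matching of whole values is an assumption.

```python
# Added illustration (not Archer code): a Python model of the ANY / EXACT / ALL
# rules described for CONTAINS. Matching is modelled as exact, case-sensitive
# equality of whole values, which is an assumption for Values List strings.


def merge_tests(values):
    """Merge literals and lists of referenced-field selections into one set."""
    merged = set()
    for value in values:
        if isinstance(value, (list, tuple, set, frozenset)):
            merged.update(value)      # selections pulled from another field
        else:
            merged.add(value)         # a literal test value
    return merged


def contains(eval_type, field_selections, *test_values):
    """Evaluate the target field's selections against the test values.

    field_selections: the selections in the target field. A Text field is
    passed as a one-element list (or an empty list when it is blank).
    """
    selected = set(field_selections)
    tests = merge_tests(test_values)
    mode = eval_type.upper()
    if mode == "ANY":       # at least one test value is selected
        return bool(selected & tests)
    if mode == "ALL":       # every test value is selected; extras are allowed
        return tests <= selected
    if mode == "EXACT":     # every test value is selected and nothing else
        return tests == selected
    raise ValueError(f"unknown eval_type: {eval_type!r}")


def explain(field_selections, *test_values):
    """Show why a test passed or failed: matched, missing and extra values."""
    selected = set(field_selections)
    tests = merge_tests(test_values)
    return {
        "matched": sorted(selected & tests),
        "missing": sorted(tests - selected),   # any entry here fails ALL and EXACT
        "extra": sorted(selected - tests),     # any entry here fails EXACT only
    }


if __name__ == "__main__":
    # Constructed sample selections for a multi-select Values List field.
    departments = ["Operations", "IT", "Legal"]
    for mode in ("ANY", "ALL", "EXACT"):
        print(mode, contains(mode, departments, "Operations", "IT"))
    print(explain(departments, "Operations", "IT"))

    # Text field: whole-string comparison only, so a substring never matches.
    note = ["Confiscated laptop"]
    print(contains("ANY", note, "laptop"))
    print(contains("EXACT", note, "Confiscated laptop"))

    # Literal values combined with selections taken from a referenced field.
    referenced = ["Kansas", "Illinois"]
    print(contains("ANY", ["Texas"], referenced, "Texas"))
```

Because a Text field holds a single value, EXACT and ALL give the same answer against it in this model, which matches the note in the parameter table.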

CONTENTID Function
The CONTENTID function returns a content record ID that uniquely identifies the current record
within the context of the current application or sub-form. Content IDs are generated sequentially,
beginning with the number 1.
Return Type: Numeric


Syntax: CONTENTID( )
This function does not have any parameters.
Example:

Formula Result

[Type Code] & "-" & TRACKINGID( ) & "-" & CONTENTID( ) WORM-678904-34
where the value in the Type Code field is WORM, the system-wide tracking ID is
678904 and the application-specific tracking ID is 34.

GETGROUPS Function
The GETGROUPS function returns a list of group IDs for the groups currently selected in a
specified User/Groups List or Record Permissions field. The list of group IDs can then be evaluated
by another function. For example, GETGROUPS might be used inside a CONTAINS function to
determine whether a given group is contained in the list of groups retrieved from a specified
User/Groups List field.
Return Type: Numeric
Syntax: GETGROUPS(field_ref)
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A User/Groups List or Record Permissions field.

Examples:

Formula Result

IF(CONTAINS(ANY, GETGROUPS([Team]), GROUP(NAME, "Training", "Support", "IT")), "Yes", "No") Yes
where the group "Training" (which is referenced by name here but converted to an
ID at runtime) matches the ID of a group returned from a User/Groups List field
named Team.

IF(ISEMPTY(GETGROUPS([Reviewers])), "Empty - No groups selected", "Not Empty - One or more groups selected") Not Empty - One or more groups selected
where one or more groups are currently selected in the Reviewers Record
Permissions field.
In this example, ISEMPTY is only evaluating the Reviewers field for group
selections, not user selections. In this example, ISEMPTY would have returned true
if no groups were selected but one or more users were selected.


IF(AND(ISEMPTY(GETUSERS([Reviewers])), ISEMPTY(GETGROUPS([Reviewers]))), "Empty - No users or groups selected", "Not Empty - One or more users or groups selected") Empty - No users or groups selected
where the Reviewers Record Permissions field has no selections.
To evaluate both user and group selections, two ISEMPTY functions can be wrapped
in an AND function, as shown above.

IF(AND(CONTAINS(EXACT, GETGROUPS([Case Managers]), GROUP(NAME, "Training", "Support", "IT")), CONTAINS(EXACT, GETUSERS([Case Managers]), USER(LOGIN, "blair.gates", "alfred.turks", "betty.smalls"))), "All test users and groups are selected", "Test failed") All test users and groups are selected
where the Case Managers Record Permissions field contains each of the test
selections and only those selections.
To test a User/Groups List or Record Permissions field for a combination of user and
group selections, two CONTAINS functions can be constructed (one to test for groups;
one to test for users) and wrapped in an AND, OR or NOT function.

GETUSERS Function
The GETUSERS function returns a single user ID for a user currently selected in a specified
User/Groups List or Record Permissions field. The user ID can then be evaluated by another
function. For example, GETUSERS might be used inside a CONTAINS function to determine
whether a given user matches the ID of a user returned from a specified User/Groups List field.

Important: To ensure that this function returns no more than one user ID, you must set the
Maximum Selections option in the Configuration section for a User/Groups List field or a Record
Permissions field to 1. Otherwise, the GETUSERS function returns an error.

Return Type: Numeric


Syntax: GETUSERS(field_ref)
In the above syntax, the parameter in bold is required.

Parameter Description

field_ref A User/Groups List or Record Permissions field.

Examples:


Formula Result

IF(CONTAINS(ANY, GETUSERS([Sales Rep]), USER(NAME, "Wilson, Jonah", "Kellerman, Kathy", "Boone, Julia")), "Yes", "No") Yes
where the user "Boone, Julia" (who is referenced by name here but converted to an
ID at runtime) matches the ID of a user returned from the User/Groups List field
named Sales Rep.

IF(ISEMPTY(GETUSERS([Associate])), "Empty - No users selected", "Not Empty - One or more users selected") Empty - No users selected
where no users are currently selected in the Associate Users/Groups List field.
In this example, ISEMPTY is only evaluating the Associate field for user
selections, not group selections. In this example, ISEMPTY would have returned
true if no users were selected but one or more groups were selected.

IF(AND(ISEMPTY(GETUSERS([Reviewers])), ISEMPTY(GETGROUPS([Reviewers]))), "Empty - No users or groups selected", "Not Empty - One or more users or groups selected") Empty - No users or groups selected
where the Reviewers Record Permissions field has no selections.
To evaluate both user and group selections, two ISEMPTY functions can be
wrapped in an AND function, as shown above.

GROUP Function
The GROUP function is used to maintain the validity of a formula reference to a specific group
selection in a User/Groups List or Record Permissions field, even if the group name is changed
later.
The GROUP function also directly accepts system-assigned group ID numbers. Each group in the
system has an internal ID number that is guaranteed to be unique. For example, if two groups both
named Support exist in the system, the group name cannot be resolved to determine whether the
intended Support is selected in the given User/Groups List or Record Permissions field. However, a
system ID (for example, 48761) can be used in place of the ambiguous group name to uniquely
identify the correct Support group.
Return Type: Text or Numeric, depending on the format selected for the ref_type parameter
Syntax: GROUP(ref_type, value1, value2…)
In the above syntax, parameters in bold are required.

Parameter Description

ref_type Accepts the keyword NAME or ID. If NAME is specified, the function will inspect
field selections by literal group name, for example, "Support". If ID is specified, the
function will inspect group selections based on unique system-assigned ID numbers.


value1, value2… One or more values within a User/Groups or Record Permissions field.

NAME. If ref_type is NAME, group names must be passed exactly as they display
in the User/Groups List or Record Permissions field. Matching will be case
sensitive. When using NAME with GROUP, an error will occur during formula
validation if any of the following is true:

• If the named group cannot be found in any domain

• If the named group is found in more than one domain

• If the named group is found in a single domain but the group name is not unique
within that domain

If the NAME string contains at least one @ sign, the system will assume that all
text following the last @ sign is a domain reference and the system will attempt to
locate that domain. If the NAME string does not contain a @ sign, the system will
look for an exact match for the entire group name string in the Archer (NULL)
domain and the default domain.

Note: The system will attempt to match the domain name against both active and
deleted (for example, soft-deleted) domains. Only active domain names must be
unique; it is possible that a deleted domain has the same name as an active domain.
If the group name string exists in more than one of the domains that have the same
name, the system will fail the formula on validation.

If the domain can be found:

1. The system will treat all text in the name string before the last @ sign as the
group name and will attempt to find that group within the domain.

2. If the group is found within the domain, the system will replace the group name
string in the formula with the ID of the group matching that login.

If the domain cannot be found:

1. The system will look for an exact match for the entire group name string in the
Archer (NULL) domain and the default domain.

2. If only one group with that name exists, the system will replace the group name
string in the formula with the ID of that group.

ID. If ref_type is ID, the function will expect one or more system-assigned group ID
numbers. The IDs in the list should be quoted. When using ID with GROUP, an
error will occur during formula validation if the group ID cannot be found in any
domain.


Examples:

Formula Result

IF(CONTAINS(ANY, GETGROUPS([Technician]), GROUP(NAME, "Tier 1", "Tier 4", "Tier 9")), "Priority", "Standard") Priority
where the group "Tier 4" is selected in the Technician User/Groups List field.

IF(CONTAINS(ANY, GETGROUPS([Technician]), GROUP(ID, 76712, 89766, 90287)),"Yes", "No") Yes
where "Tier 9" is selected in the Technician User/Groups List field and that group’s
unique system ID is 90287.

ISCORRECT Function
The ISCORRECT function evaluates a Values List question and determines whether the selected
value is identified as “Correct” or “Incorrect.” Values are identified as either correct or incorrect on
the Answer tab of the Define Fields page. The function evaluates to TRUE if the selected value is
set as the “Correct” value. The function evaluates to FALSE if the selected value is not set as the
“Correct” value. The ISCORRECT function must be used in conjunction with an IF function and can
only be used against a Values List question within a questionnaire.
Return Type: Text, numeric, date or a Values List field selection, depending on the type of data
supplied for the value_if_true and value_if_false parameters.
Syntax: ISCORRECT([field_ref])
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to the Values List question, for example, [question name].

Example:

Formula Result

IF(ISCORRECT([Password Question]),"Compliant","Not Compliant") Compliant
where the value selected for the question is identified as “Correct”.

ISEMPTY Function
The ISEMPTY function is used to determine if a given field contains a value or is blank (empty).
The function evaluates to TRUE if the specified field is blank, for example, contains no value. The
function evaluates to FALSE if the specified field is not blank (contains a value). The ISEMPTY
function must be used in conjunction with an IF function.
Return Type: Text, numeric, date or a Values List field selection, depending on the type of data
supplied for the value_if_true and value_if_false parameters.


Syntax: ISEMPTY([field_ref])
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to a field, for example, [field name].

Examples:

Formula Result

IF(ISEMPTY([Middle Name]), "No middle name", "Middle name is " & [Middle Name]) No middle name
where Middle Name is a Text field containing no value.

IF(ISEMPTY([Middle Name]), "No middle name", "Middle name is " & [Middle Name]) Middle name is Douglas
where Middle Name is a Text field containing the value Douglas.

ISNUMBER Function
The ISNUMBER function checks the specified value and returns TRUE or FALSE depending on
whether it is a number. You can use this function to get information about a value before performing
a calculation or other action with it.
Return Type: TRUE or FALSE
Syntax: ISNUMBER(value)
In the above syntax, parameters in bold are required.

Parameter Description

value The value that you want tested. The value argument can be a blank (empty cell),
error, logical value, text, number, or reference value, or a name referring to any of
these. Returns TRUE if Value refers to a number.

Note: The value arguments of the IS functions are not converted. Any numeric
values that are enclosed in double quotation marks are treated as text. For example,
in most other functions where a number is required, the text value "19" is converted
to the number 19. However, in the formula ISNUMBER("19"), "19" is not converted
from a text value to a number value, and the ISNUMBER function returns FALSE.

Example:

Formula Result

ISNUMBER(4) Checks whether 4 is a number (TRUE)


MOSTRECENTVALUE Function
The MOSTRECENTVALUE function displays a specific value from the record that is evaluated as the
"most recent" from a list of related records. For example, if a record in the Facilities application is
related to multiple questionnaires, you could use this function to return the value of the Quantitative
Summary field from the most recently submitted questionnaire.
Return Type: Text
Syntax: MOSTRECENTVALUE(field_to_display, date_criteria_field)
In the above syntax, parameters in bold are required.

Parameter Description

field_to_display This is the reference for the field value that you want to display, for example,
REF([Cross-Reference field name],[field name]).

date_criteria_field This is the Date field that you will use to determine which of the related
records has the most recent value, for example, REF([Cross-Reference field name],[Date field
name]).

Example:

Formula Result

MOSTRECENTVALUE(REF([Risk Questionnaire],[Inherent Risk]), REF([Risk Questionnaire],[Submitted Date])) 65
where the value in the Inherent Score field of the record with the most recent Submitted
Date value is "65".

NOVALUE Function
The NOVALUE function is used either to set a null value for a calculated Date, Text, or Numeric
field or to set a calculated Values List field to have no selection. The NOVALUE function is only
valid within the context of the IF function.

Note: The NOVALUE function cannot be passed to VALUEOF to clear selections from a
calculated Values List field.

Return Type: None


Syntax: NOVALUE()
This function does not have any parameters.
Examples:


Formula Result

IF([Rating] >=0, "Action Required", NOVALUE( )) The calculated Text field is set to null.
where the value of Rating is less than 6 and the calculated field is a Text field.

OTHERTEXT Function
The OTHERTEXT function returns the text a user has entered in the "Other" field for the specified
Values List field or Values List question.
Return Type: Text
Syntax: OTHERTEXT([field_ref])
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to a Values List field or Values List question, for example, [question
name].

Examples:

Formula Result

OTHERTEXT([Severity of Last Security Incident]) We have not had a security incident.
where the name of the Values List question is "Severity of Last Security
Incident" and the text entered in the Other field is "We have not had a security
incident."

REF Function
The REF function returns a reference to a field that is a child field to a parent Sub-Form, Cross-
Reference, Related Records, or Scheduler field. It can be used within another calculation that
requires a set of fields or values as input. REF is only valid for use with the following field types:
• Cross-Reference

• Related Records

• Sub-Form

• Scheduler

Return Type: Text, Numeric, Date, or a Values List field selection, depending on the type of data
returned from the referenced field
Syntax: REF(parent_field, child_field, data_level_name)
In the above syntax, parameters in bold are required.


Parameter Description

parent_field The name of the Cross-Reference, Related Records, Sub-Form, or Scheduler field.
These field types are considered "parents" because they act as containers for other
fields. For example, a Sub-Form field by itself does not have any value; values can
only be derived from its child fields.

child_field The name of a field that resides within the parent_field.

data_level_name If a Cross-Reference field targets a multi-level application, the name of the level
under which the field resides. Passing data_level_name is optional and is only
necessary when a Cross-Reference field targets a multi-level application.
For a Scheduler field, the data_level_name is required, since Scheduler fields
always target multiple levels. The Scheduler field always targets the Appointment
application and may target either the resource application or one or more parent
applications.

Examples:

Formula Result

SUM(REF([Controls], [Risk])) Cross-Reference to Flat Application
where Controls is a Cross-Reference field and Risk is a field in the
cross-referenced flat application.

AVERAGE(REF([Response Measures], [Severity Rating], [Responses])) Cross-Reference to Multi-Level Application
where Response Measures is a Cross-Reference field, Responses is a
level in the cross-referenced multi-level application and Severity Rating
is a field in the Responses data level.

COUNTA(REF([Baselines], [Name])) Related Records
where Baselines is a Related Records field and Name is a field in the
application that contains the corresponding Cross-Reference field.

COUNTA(REF([Actions], [Contact ID])) Sub-Form
where Actions is a Sub-Form field and Contact ID is a field in the
sub-form associated with the Sub-Form field.

SUM(REF([SchedulerField],[Duration (Hours)],[Appointment])) Scheduler Field reference to the Appointment application
where SchedulerField is a scheduler field, Duration (Hours) is a field in
the Appointment application and Appointment is the level through which
the scheduler is referencing.


SELECTEDVALUENUMBER Function
The SELECTEDVALUENUMBER function extracts the numeric value from the values list item
selected from a Values List field. If the Values List field allows multiple selections, this function
must be used in conjunction with an aggregate function, as the following example shows:
SUM(SELECTEDVALUENUMBER([Multi-Select Values List Field]))
In addition, if you reference a Values List field in a cross-referenced application, both the Cross-
Reference field used to form the application relationship and the Values List field in the related
application must be single-select fields in order to use the SELECTEDVALUENUMBER function
without wrapping it in an aggregate function. If either the Cross-Reference or Values List field
allows multiple selections, an aggregate function must also be used, as shown in the following
example:
AVERAGE(SELECTEDVALUENUMBER(REF([Multi-Select Cross-Ref Field], [Values List Field])))
If no numeric value is assigned to a values list item, that value will be treated as 0. The only
exception is when the AVERAGE function is used in conjunction with the
SELECTEDVALUENUMBER function. In this case, the null value will not be used in the
calculation. Use the following values as an example:
Value A: 10
Value B: 5
Value C: no numeric value assigned
If the SUM function is used in conjunction with SELECTEDVALUENUMBER, Value C will be
treated as 0 in the calculation. If all three values were selected in the Values List field, the result of
the calculation would be 15. However, if the AVERAGE function were used and all three values
were selected in the Values List field, Value C would be ignored in the calculation since it has no
numeric value. The result would be 7.5.
Return Type: Numeric
Syntax: SELECTEDVALUENUMBER(field_ref)
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to a Values List field in the application, for example, [Risk Rating], a
field in a child sub-form, for example, [Notes].[Risk Rating], or a field in a cross-
referenced application, for example, [Vendors].[Risk Rating].

Examples:


Formula Result

SELECTEDVALUENUMBER([Risk Rating]) 10
where the selected value in the Risk Rating field is “High” and the numeric value
assigned to the value “High” is 10.

MAX(SELECTEDVALUENUMBER([Affected Departments])) 10
where the Affected Departments field is a multi-select Values List field, the selected
values are “Operations” and “IT,” and the associated numeric values are 7 and 10,
respectively.

AVERAGE(SELECTEDVALUENUMBER(REF([Vendors], [Risk Rating]))) 9


where Vendors is a multi-select Cross-Reference field to the Vendors application, Risk
Rating is a single-select Values List field in the Vendors application, the selected values
in the related records are “High” and “Low,” and the associated numeric values are 10
and 8, respectively.

TRACKINGID Function
The TRACKINGID function returns a record ID that uniquely identifies the current record across
all applications. This function could be used in conjunction with the CONTENTID function to
produce a complex ID that combines the system-wide ID, the application-specific ID, and data
pulled from other fields.
Return Type: Numeric
Syntax: TRACKINGID( )
This function does not have parameters.
Example:

Formula Result

[Type Code] & "-" & TRACKINGID( ) & "-" & CONTENTID( ) WORM-678904-34
where the Type Code field is WORM, the system-wide tracking ID is 678904, and
the application-specific content record ID is 34.

USER Function
The USER function maintains the validity of a formula reference to a specific user selection in a
User/Groups List or Record Permissions field, even if the user name is changed later. User
references can be passed either as literal names or logon IDs. A logon name can optionally be
referenced by a specific domain.
For example, if the literal user name "Jones, Mary" is referenced in a formula within the USER
function and that user’s name is subsequently changed to "Jones-Smith, Mary", the original user
name reference will automatically be updated in the formula to "Jones-Smith, Mary".


As another example, user Mary Jones is referenced in a formula by her Archer logon name for the
domain "bigcompany.com". Her logon name should be passed to the USER function as
"mjones@bigcompany.com". If an administrator later changes Mary Jones’ logon name on that
domain to "msmith", the original logon name will automatically be updated to
"msmith@bigcompany.com".
The USER function also directly accepts system-assigned user ID numbers. Each user in the system
has an internal ID number that is guaranteed to be unique. For example, if two users both named
Graham, Ned exist in the system, the user name cannot be resolved to determine whether the
intended Graham, Ned is selected in the given User/Groups List or Record Permissions field.
However, a system ID, for example, 76219, can be used in place of the ambiguous user name to
uniquely identify the correct Graham, Ned.
Return Type: Text or Numeric, depending on the format selected for the ref_type parameter
Syntax: USER(ref_type, value1, value2…)
In the above syntax, parameters in bold are required.

Parameter Description

ref_type Accepts the keyword NAME, LOGIN, or ID.

• If NAME is specified, the function will inspect field selections by literal user
name, for example, "Jones, Mary".

• If LOGIN is specified, the function will inspect user selections based on logon
name, rather than user name, for example, mjones@bigcompany.com.

• If ID is specified, the function will inspect user selections based on unique
system-assigned ID numbers.


value1, value2… One or more values within a User/Groups or Record Permissions field.

• NAME. If ref_type is NAME, user names must be passed exactly as they
display in the User/Groups List or Record Permissions field. If passing a user’s
name, the name must be specified in the following format: "lastname, firstname".
Matching will be case sensitive. The system will test only against non-deleted
users.
When using NAME with USER, an error will occur during formula validation if
any of the following is true:
o If the named user cannot be found in any domain
o If the named user is found in more than one domain
o If the named user is found in a single domain only but the user name is not
unique within that domain.

• LOGIN. If ref_type is LOGIN, the function will expect one or more Archer user
logon name values. Matching will be performed against users’ logons rather than
by their last and first names.
When using LOGIN with USER, an error will occur during formula validation if
any of the following is true:
o If the user referenced by logon cannot be found in any domain
o If the user referenced by logon is found in more than one domain
If the LOGIN string contains at least one @ sign, the system will assume that all
text following the last @ sign is a domain reference and the system will attempt
to locate that domain. If the LOGIN string does not contain a @ sign, the system
will look for an exact match for the entire login string in the Archer (NULL)
domain and the default domain.

Note: The system will attempt to match the domain name against both active and
deleted, for example, soft-deleted, domains. Only active domain names must be
unique; it is possible that a deleted domain has the same name as an active
domain. If the logon string exists in more than one of the domains that have the
same name, the system will fail the formula on validation.

If the domain can be found:

1. The system treats all text in the logon string before the last @ sign as the user
logon name and will attempt to find that user logon within the domain.


2. If the logon is found within the domain, the system will replace the logon
string in the formula with the ID of the user matching that logon.

If the domain cannot be found:

1. The system will look for an exact match for the entire logon string in the
Archer (NULL) domain and the default domain.

2. If only one user with that logon exists, the system will replace the logon string
in the formula with the ID of the user matching that logon.

• ID. If ref_type is ID, the function will expect one or more system-assigned user ID
numbers. User IDs are assigned by the system and are always unique. User IDs
are numbers and should not be quoted. When using ID with USER, an error will
occur during formula validation if the referenced user ID cannot be found in any
domain.

Examples:

Formula Result

IF(CONTAINS(ANY, GETUSERS([Technician]), USER(NAME, "Thurman, Laurie", "Winters, George")), "Standard", "Priority") Standard
where the user "Thurman, Laurie" is selected in the Technician
User/Groups List field.

IF(CONTAINS(ANY, GETUSERS([Reviewer]), USER(NAME, "Jasper, Susan", "Miner, Burt", "Rollins, Jacob")), "Yes", "No") Yes
where the user "Miner, Burt" is selected in the Reviewer Record
Permissions field.

IF(CONTAINS(ANY, GETUSERS([Manager]), USER(LOGIN, "kjackson", "tbarnett@bigcompany.com", "jwilson@bigcompany.net", "smartin")),VALUEOF([Alert], "Escalate"), VALUEOF([Alert], NOVALUE( ))) The value "Escalate" is selected in the Alert Values List field.
where "Barnett, Tina" is selected in the User/Groups List field and her
Archer logon ID for the "bigcompany.com" domain is "tbarnett".

IF(CONTAINS(ANY, GETUSERS([Associates]), USER(ID, 76299, 56897, 79867)),"Found", "Not Found") Found
where "Eastman, Tina" is selected in the User/Groups List field and her
system user ID is 79867.
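The lookup order described for USER(LOGIN, ...) strings, and earlier for GROUP(NAME, ...) strings, can be traced with a small model. This Python sketch is an added illustration, not Archer code: the data layout, function names, and all IDs are constructed, and treating a name that is missing from a located domain as a validation error is an assumption.

```python
# Added illustration (not Archer code): the lookup order the guide describes
# for USER(LOGIN, ...) and GROUP(NAME, ...) strings. The data model, the
# function names and every ID below are constructed for the example.


class FormulaValidationError(Exception):
    """Raised where the guide says the formula fails validation."""


def only_match(hits, ref):
    """Return the single matching ID, or fail the way validation would."""
    if not hits:
        raise FormulaValidationError(f"{ref!r}: not found in any domain")
    if len(hits) > 1:
        raise FormulaValidationError(f"{ref!r}: ambiguous, {len(hits)} matches")
    return hits[0]


def resolve(ref, domains, table="logins"):
    """Return the system ID that the reference string resolves to.

    domains: list of dicts with keys name (None is the Archer NULL domain),
    default (bool), deleted (bool), logins and groups (name -> list of IDs).
    table: "logins" for USER(LOGIN, ...), "groups" for GROUP(NAME, ...).
    """
    local, at, domain_ref = ref.rpartition("@")    # split on the LAST @ only
    if at:
        # Active and soft-deleted domains are both candidates, so two
        # domains can share a name. Exact name comparison is an assumption.
        named = [d for d in domains if d["name"] == domain_ref]
        if named:
            hits = [i for d in named for i in d[table].get(local, [])]
            # Assumption: a name missing from a located domain is an error.
            return only_match(hits, ref)
    # No @ sign, or the text after the last @ is not a known domain:
    # match the whole string in the NULL domain and the default domain.
    fallback = [d for d in domains if d["name"] is None or d["default"]]
    hits = [i for d in fallback for i in d[table].get(ref, [])]
    return only_match(hits, ref)


def validates(ref, domains, table="logins"):
    """True when the reference resolves to exactly one ID."""
    try:
        resolve(ref, domains, table)
        return True
    except FormulaValidationError:
        return False


# Constructed directory: NULL domain, default domain, and an active domain
# that shares its name with a soft-deleted one.
DOMAINS = [
    {"name": None, "default": False, "deleted": False,
     "logins": {"kjackson": [1001], "svc@reports": [1002]},
     "groups": {"Support": [2001]}},
    {"name": "bigcompany.com", "default": True, "deleted": False,
     "logins": {"tbarnett": [1003], "smartin": [1004]},
     "groups": {"Support": [2002], "Tier 1": [2003, 2004]}},
    {"name": "bigcompany.net", "default": False, "deleted": False,
     "logins": {"jwilson": [1005]}, "groups": {}},
    {"name": "bigcompany.net", "default": False, "deleted": True,
     "logins": {"jwilson": [1006]}, "groups": {}},
]

if __name__ == "__main__":
    for ref in ("tbarnett@bigcompany.com", "kjackson", "smartin",
                "svc@reports", "jwilson@bigcompany.net", "nobody"):
        try:
            print(ref, "->", resolve(ref, DOMAINS))
        except FormulaValidationError as err:
            print("validation error:", err)
    for ref in ("Support", "Support@bigcompany.com", "Tier 1@bigcompany.com"):
        print(ref, "valid" if validates(ref, DOMAINS, "groups") else "invalid")
```

In this constructed directory, "jwilson@bigcompany.net" fails because the same logon exists in both the active domain and its soft-deleted namesake, and the bare group name "Support" fails because it exists in both the NULL domain and the default domain.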


USERFIRSTNAME Function
The USERFIRSTNAME function returns the first name of either the record creator or the record
editor. The creator is defined as the user who created the record (or is currently creating the record).
The editor is defined as the user who last edited the record.
Return Type: Text
Syntax: USERFIRSTNAME(user_type)
In the above syntax, parameters in bold are required.

Parameter Description

user_type Accepts the keyword CREATOR or EDITOR. If CREATOR is specified, the
function returns the first name of the user associated with creating the record. If
EDITOR is supplied, the function returns the first name of the user associated with
the most recent record update.

Examples:

Formula Result

"Hello, " & USERFIRSTNAME(CREATOR) Hello, Janet


where Janet is the first name of the record creator.

"Hello, " & USERFIRSTNAME(EDITOR) Hello, Miles


where Miles is the first name of the record editor.

USERLASTNAME Function
The USERLASTNAME function returns the last name of either the record creator or the record
editor. The creator is defined as the user who created the record (or is currently creating the record).
The editor is defined as the user who last edited the record.
Return Type: Text
Syntax: USERLASTNAME(user_type)
In the above syntax, parameters in bold are required.

Parameter Description

user_type Accepts the keyword CREATOR or EDITOR. If CREATOR is specified, the
function returns the last name of the user associated with creating the record. If
EDITOR is supplied, the function returns the last name of the user associated with
the most recent record update.

Examples:

Formula: "Last Name: " & USERLASTNAME(CREATOR)
Result: Last Name: Rossi
where Rossi is the last name of the record creator.

Formula: "Last Name: " & USERLASTNAME(EDITOR)
Result: Last Name: Eldrich
where Eldrich is the last name of the record editor.

USERMIDDLENAME Function
The USERMIDDLENAME function returns the middle name of either the record creator or the
record editor. The creator is defined as the user who created the record (or is currently creating the
record). The editor is defined as the user who last edited the record.
Return Type: Text
Syntax: USERMIDDLENAME(user_type)
In the above syntax, parameters in bold are required.

Parameter Description

user_type Accepts the keyword CREATOR or EDITOR. If CREATOR is specified, the
function returns the middle name of the user associated with creating the record. If
EDITOR is supplied, the function returns the middle name of the user associated
with the most recent record update.

Examples:

Formula: "Middle Name: " & USERMIDDLENAME(CREATOR)
Result: Middle Name: Ellen
where Ellen is the middle name of the record creator.

Formula: "Middle Name: " & USERMIDDLENAME(EDITOR)
Result: Middle Name: Quentin
where Quentin is the middle name of the record editor.

VALUEOF Function
The VALUEOF function maintains the validity of a Values List field selection. If the text of a value
is changed in the custom or global values list by the RSA Archer GRC administrator, this function
automatically updates the formula to use the new text for the value. For example, if the value "Blue"
is referenced in a formula with the VALUEOF function and that value is subsequently changed to
"Red" within the values list, the value reference "Blue" will automatically be changed to "Red"
within the formula.

From a user perspective, the VALUEOF function serves two additional purposes. It enables you to:
• Evaluate a Values List field for the presence of a specific value.

• Set value selections in a Values List field.

The following example shows the use of the VALUEOF function in a formula for a calculated
Values List field. The VALUEOF function is used for both the "value_if_true" and "value_if_false"
parameters within the IF function syntax.
IF([Risk Rating]>=10, VALUEOF([Criticality], "High"), VALUEOF([Criticality], "Low"))
In a record, this formula will evaluate Risk Rating, and if the value in that field is greater than or
equal to 10, the formula selects the value High in the Criticality calculated Values List field. If the
value in Risk Rating is less than 10, the formula selects the value Low in Criticality.
This second example shows the use of the VALUEOF function in a formula for a calculated Text
field. The VALUEOF function is used for the value parameter within the CONTAINS function
syntax.
IF(CONTAINS(ANY, [Location],VALUEOF([Location], "New York")),"Yes","No")
In a record, this formula produces the value "Yes" or "No" in the calculated Text field depending on
whether the value "New York" is selected in Location, which is a Values List field. If the value
"New York" is selected, the calculated Text field displays the value "Yes." If the value "New York"
is not selected, the calculated Text field displays the value "No."
Return Type: Text
Syntax: VALUEOF(field_ref, value1, value2…)
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to a field, for example, [field name].

value1, value2, ... A value within a Values List field. Enter the value as "value", for example,
"Urgent". If the Values List field allows multiple selections, multiple values can be
entered as "value1","value2","value3":
VALUEOF([Values List Name], "value1", "value2", "value3"). For example,
VALUEOF([States], "Washington", "New York", "Massachusetts")

Examples:

Formula: IF(CONTAINS(ANY, [Location], VALUEOF([Office], "Chicago")), "Local", "Global")
Result: Local
where the selected value in Location is Chicago.

Formula: IF(CONTAINS(ANY, [Region], VALUEOF([Region], "Northeast")), VALUEOF([Office], "Connecticut", "New York", "Massachusetts"), VALUEOF([Office], "Kansas", "Illinois", "Texas"))
Result: Connecticut, New York, Massachusetts
where the selected value in Region is Northeast.

Formula: IF(CONTAINS(ANY, [Color], VALUEOF([Color], "Red", "Green", "Blue", "Yellow")), "Primary Color", "Other")
Result: Other
where the selected value in Color is Silver.

WEIGHTEDSCORE Function
The WEIGHTEDSCORE function returns the weighted score value for the values selected in a
Values List question. This function is only useful if you assigned a weight to the Values List
question and you assigned a numeric value to each of the possible answers to the question.
Using this function will execute the following calculation:
[values list selection numeric value] * [values list question weighting] = WEIGHTEDSCORE
or (for multi-select Values List questions):
SUM([values list selection numeric value1], [values list selection numeric value2]) * [values list question weighting] = WEIGHTEDSCORE
The WEIGHTEDSCORE function can only be used within a questionnaire and can only reference a
Values List question.
Return Type: Numeric
Syntax: WEIGHTEDSCORE(field_ref)
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to the Values List question, for example, [question name].

Example:

Formula: WEIGHTEDSCORE([New User Access])
Result: 50
where the weighting value for the New User Access question is "10" and the numeric
value for the answer is "5".

WEIGHTING Function
The WEIGHTING function returns the weighting value of a Values List question. The
WEIGHTING function can only be used within a questionnaire and can only reference a Values List
question.
Return Type: Numeric
Syntax: WEIGHTING([field_ref])
In the above syntax, parameters in bold are required.

Parameter Description

field_ref A reference to the Values List question, for example, [question name].

Example:

Formula: WEIGHTING([New User Access])
Result: 10
where the weighting value for the New User Access question is "10".

CONCATENATE Function
The CONCATENATE function joins up to 255 text strings into 1 text string. The joined items can be
text, numbers, cell references, or a combination of those items. You must specify any spaces or
punctuation that you want to appear in the results as an argument that is enclosed in quotation marks.
Return Type: Text
Syntax: CONCATENATE(text1, text2, ...)
In the above syntax, parameters in bold are required.

Parameter Description

text1 The first text item to be concatenated.

text2, ... Additional text items, up to a maximum of 255 items. The items must be separated
by commas.

Example:

Formula: CONCATENATE([First Name], " ", [Last Name])
Result: John Smith
where the value in the First Name field is "John" and the value in the Last Name field
is "Smith".

FIND Function
The FIND function searches for a specific character or text string within another text string. It
returns the number of the character at which the specific character or text string is first found. The
FIND function is case sensitive.
Return Type: Numeric
Syntax: FIND(find_text, field_ref, start_num)
In the above syntax, parameters in bold are required.

Parameter Description

find_text The character or text string you want to find. You can format this parameter as a
hard-coded character or text string, for example, "sci", or as a Text-field reference,
for example, [field name].

field_ref A Text-field reference, for example, [field name].

start_num The character number in the field_ref parameter at which you want to start
searching for the find_text parameter. If this parameter is omitted, the search will
begin at the first character in the Text field. If this parameter is less than or equal to
0 (zero) or is greater than the number of characters in the Text field, a formula
validation error will occur.

Examples:

Formula: FIND("Sci", [Subject])
Result: 10 (because "Sci" begins at the tenth character in this text string)
where the value in the Subject field is "Arts and Sciences".

Formula: FIND("s", [Subject], 5)
Result: 17 (notice that the first "s" in the Subject field value was skipped because the
start_num parameter required that the search begin at the fifth character and
the "S" in the Subject field value was skipped because it does not match the
case specified)
where the value in the Subject field is "Arts and Sciences".

LEFT Function
The LEFT function returns the first character or characters in a text string, based on the number of
characters that you specify. LEFT is intended for use with languages that use the single-byte
character set (SBCS). LEFT always counts each character, whether single-byte or double-byte, as 1,
regardless of what the default language setting is.
Return Type: Numeric
Syntax: LEFT(text,num_chars)
In the above syntax, parameters in bold are required.

Parameter Description

text The text string that contains the characters that you want to extract.

num_chars The number of characters that you want LEFT to extract. Note that:
• Num_chars must be greater than or equal to zero.

• If num_chars is greater than the length of text, LEFT returns all of text.

• If num_chars is omitted, it is assumed to be 1.

Examples:

Formula: LEFT([Text],4)
Result: First four characters in the string (Sale)
where the value in the Text string is Sale Price.

Formula: LEFT([Text])
Result: First character in the string (S)
where the value in the Text string is Sweden.

LEN Function
The LEN function returns the number of characters in the supplied string.
Return Type: Numeric
Syntax: LEN(text)
In the above syntax, parameters in bold are required.

Parameter Description

text The text string to be evaluated. This parameter should be formatted as a Text-field
reference, for example, [field name].

Example:

Formula: LEN([Last Name])
Result: 5
where the value in the Last Name field is "Jones".

LOWER Function
The LOWER function converts all characters in the supplied text string to lowercase. This function
does not affect non-alphabetic characters.
Return Type: Text
Syntax: LOWER(text)
In the above syntax, parameters in bold are required.

Parameter Description

text The text string to be converted to lowercase. This parameter should be formatted as
a Text-field reference, for example, [field name].

Examples:

Formula: LOWER([Name])
Result: jake miller
where the value in the Name field is "Jake Miller".

Formula: LOWER([Email Address])
Result: suzy.williams@shore2shore.org
where the value in the Email Address field is
"SUZY.WILLIAMS@Shore2Shore.org".

MASKEDTEXT Function
The MASKEDTEXT function returns the string value of the referenced Text field using the mask (if
any) defined for the field. If the function references a Text field for which a mask has not been
defined, the function will return the raw value from the field.

Note: Unless a Text field reference is wrapped in MASKEDTEXT, the calculation engine will
always evaluate the raw, unformatted value of the Text field.

Return Type: Text


Syntax: MASKEDTEXT(text_field)
In the above syntax, parameters in bold are required.

Parameter Description

text_field This parameter should be formatted as a Text-field reference, for example, [field
name].

Note: This function is valid only for Text fields.

Examples:

Formula: MASKEDTEXT([Phone])
Result: (913) 786-2356
where the raw value in the Phone field is 9137862356 and the Text field is defined to
use a phone number mask.

Formula: MASKEDTEXT([SIN])
Result: 046 454 286
where the raw value is 046454286 and the Text field is defined to use a custom mask
for the Canadian Social Insurance Number.

NUMBERFORMAT Function
The NUMBERFORMAT function is used to "pad" zeros (0) to the left of a given numeric value
based on the count of digits specified by the number "mask." The zero padding is only applied if the
number of digits in the numeric value falls short of the number of digits specified in the mask. This
function returns a text value (string) that can be concatenated to other strings or stored directly in the
Text field.
Return Type: Text
Syntax: NUMBERFORMAT(value, value_mask)
In the above syntax, parameters in bold are required.

Parameter Description

value The numeric value, which can be derived through a Numeric-field reference, for
example, [field name], or through the use of a function that returns a numeric value.

value_mask The mask used to format the returned text value. The value_mask parameter must be
enclosed in quotes.
The final placeholder in the value_mask parameter must always be a single pound
sign (#). The placeholders allowed for this function are:
0 = Zero placeholder
# = Value placeholder

Examples:

Formula: NUMBERFORMAT(TRACKINGID( ), "00#")
Result: 001
where the tracking ID returned by the TRACKINGID function is 1.

Formula: NUMBERFORMAT(TRACKINGID( ), "000000#")
Result: 0000937
where the tracking ID returned by the TRACKINGID function is 937.

Formula: CONTENTID( ) & "-" & NUMBERFORMAT(TRACKINGID( ), "000#")
Result: 878762-0008
where the content ID returned by the CONTENTID function is 878762 and the tracking
ID returned by the TRACKINGID function is 8.

Formula: NUMBERFORMAT([Risk] + [Criticality], "00#")
Result: 019
where the value in the Risk field is 12 and the value in the Criticality field is 7.

PROPER Function
The PROPER function capitalizes the first letter of each word in the supplied string, as well as the
first letter that follows any non-alphabetic character in the string. All other letters in the string are
converted to lowercase.
Return Type: Text
Syntax: PROPER(text)
In the above syntax, parameters in bold are required.

Parameter Description

text The text string to be converted to proper text format. This parameter should be
formatted as a Text-field reference, for example, [field name].

Examples:

Formula: PROPER([Last Name])
Result: Jane Pearson-Wyatt
where the value in the Last Name field is "jane pearson-wyatt".

Formula: PROPER([Last Name])
Result: O’Neil
where the value in the Last Name field is "O’NEIL".

Formula: PROPER([Last Name])
Result: St. John
where the value in the Last Name field is "ST. JOHN".

Formula: PROPER([Web Page])
Result: Www.Archer-Tech.Com
where the value in the Web Page field is "www.archer-tech.com".

Formula: PROPER([Equipment Note])
Result: This Is Mike’S Laptop.
where the value in the Equipment Note field is "This is Mike’s laptop."

RIGHT Function
The RIGHT function returns a specific number of characters from the right side of the string. For
example, if you specify 3 characters, the last 3 characters from the string will be returned.
Return Type: Text
Syntax: RIGHT(text, num_chars)
In the above syntax, parameters in bold are required.

Parameter Description

text The text string that contains the characters that you want to return. This parameter
should be formatted as a Text-field reference, for example, [field name].

num_chars Specifies the number of characters in the text string that you want to return. This
parameter must be greater than or equal to 0 (zero). If this parameter is negative,
the function will return an error.

Example:

Formula: RIGHT([Department Name], 4)
Result: ting
where the value in the Department Name field is "Marketing".

SUBSTRING Function
The SUBSTRING function returns a specified number of characters from a text string. When
creating a formula with this function, you specify the character position where you want to start
extracting text, and you specify the number of characters to return. For example, if you enter 1 as the
start position and 3 as the number of characters to return, you would get the substring "Mar" from a
Text field with the value "Marketing."
Return Type: Text
Syntax: SUBSTRING(text, start_num, num_chars)
In the above syntax, parameters in bold are required.

Parameter Description

text_field The text string that contains the characters that you want to return. This parameter
should be formatted as a Text-field reference, for example, [field name].

start_num Specifies the position of the first character that you want to extract from the Text
field. The first character in a string has a start number of 1. If the start number value
is less than 1 or is greater than the number of characters in the string, the calculation
will fail.

num_chars Specifies the number of characters in the Text field that you want to return. If you
specify a value that is larger than the total number of characters in the string, then
this parameter returns all characters to the end of the string.

Example:

Formula: SUBSTRING([Department Name], 1, 4)
Result: Mark
where the value in the Department Name field is "Marketing".

TRIM Function
The TRIM function removes spaces from text strings, with the exception of single spaces between
words. A common use for the TRIM function is to remove extra spaces from data received from an
integration or data import. Often, data formatted in another system has irregular spacing. Using the
TRIM function ensures that unnecessary spaces are removed from your Archer text.
Return Type: Text
Syntax: TRIM(text)
In the above syntax, parameters in bold are required.

Parameter Description

text The text string from which you want to remove the unnecessary spaces.

Example:

Formula: TRIM([Asset Description])
Result: "The HR-DB Server is used to store our human resources information."
where the value of the Asset Description field is " The HR-DB Server is used to store our
human resources information. "

UPPER Function
The UPPER function converts all characters in the supplied string to uppercase. This function does
not affect non-alphabetic characters.
Return Type: Text
Syntax: UPPER(text)
In the above syntax, parameters in bold are required.

Parameter Description

text The text string to be converted to uppercase. This parameter should be formatted as
a Text-field reference, for example, [field name].

Examples:

Formula: UPPER([Name])
Result: JAKE MILLER
where the value in the Name field is "Jake Miller".

Formula: UPPER([Web Site])
Result: WWW.ARCHER-TECH.COM
where the value in the Web Site field is "www.archer-tech.com".

ADDITION

Operator Description

+ Addition (3 + 3)

DIVISION

Operator Description

/ Division (3 / 2)

EXPONENTIATION

Operator Description

^ Exponentiation (3 ^ 2)

MULTIPLICATION

Operator Description

* Multiplication (2 * 3)

SUBTRACTION

Operator Description

- Subtraction (5 - 2)
Negation (-4)

EQUAL TO

Operator Description

= Equal to (3 = 3)

GREATER THAN

Operator Description

> Greater than (3 > 2)

GREATER THAN OR EQUAL TO

Operator Description

>= Greater than or equal to (3 >= 3)

LESS THAN

Operator Description

< Less than (2 < 3)

LESS THAN OR EQUAL TO

Operator Description

<= Less than or equal to (3 <= 3)

NOT EQUAL TO

Operator Description

<> Not equal to (3 <> 2)

CONCATENATE

Operator Description

& Concatenate, or join, two or more text strings to produce a single piece of text, for
example, "text" & "string".

Chapter 6: Sub-Forms
A sub-form is a special grouping of fields that can be embedded in any application to collect
information in individual records. When users add or edit a record in an application that contains a
sub-form, they can add data to the sub-form multiple times.
You can customize a sub-form layout by doing the following:
• Add and arrange sections, fields, help text, objects, and custom controls.

• Add custom objects using HTML or JavaScript code to create buttons or other objects.

• Add placeholders to create blank spaces between fields or sections.

• Add tab sets to group related tabs.

• Add tabs to group related fields.

• Set visibility properties to hide a field from users without deactivating or deleting the field.

You can manage a sub-form by doing the following:

• Assign ownership rights for the sub-form to other administrative users.

• Embed the sub-form in an application by creating a sub-form field in the selected application and
linking that field to the predefined sub-form.

• Establish basic sub-form structure, which includes naming, describing, and activating the
sub-form.

Adding Sub-Forms
From the Manage Sub-Forms page, you can create an original sub-form, or create a sub-form by
copying and modifying the properties of an existing one. If you select to copy a sub-form, your new
sub-form contains all of the fields and structural components of the copied sub-form, but it does not
include any attachment files or sub-form entries.

Step 1: Add a sub-form

1. Go to the Manage Sub-Forms page.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

2. Click Add New.

3. In the Creation Methods section, do one of the following:

• To add a new sub-form, click Create a new Field from scratch, and enter the Name and select
a Language for the new sub-form.

• To copy an existing sub-form, click Copy an existing Sub-Form and select the sub-form you
want to copy.

4. Click OK.

5. In the General Information section, enter the name, alias, and description.

6. (Optional) In the Options section, enable spell check.

7. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Add fields and objects to the sub-form layout

Note: To protect data integrity, the application prohibits field type changes. For example, you cannot
change a date field to a text field.

1. Go to the Layouts tab of the sub-form to which you want to add a field.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

c. Select the sub-form.

d. Click the Layouts tab.

2. Click Add New Field and do the following:

a. Select the field type you want to add.

b. Define the field for the sub-form.

c. Continue this process until all fields that you want are defined.

d. Save the fields.

3. Move the fields that you want onto the layout.

4. From the Add New Layout Object list, move the object you want onto the layout.

5. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding and Removing Documentation from Sub-Forms


You can attach supporting documentation to a sub-form or remove it from one.

Add documentation to a sub-form

1. Go to the General tab of the sub-form to which you want to attach a file.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

c. Select the sub-form.

2. In the Documentation section, click Add New.

3. Select the document file or files that you want to add to the sub-form.

4. Click OK.

5. Click Save.

Remove documentation from a sub-form

1. Go to the General tab of the sub-form from which you want to remove a file.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

c. Select the sub-form.

2. In the Documentation section, locate the file that you want to remove from the sub-form and
click the Delete icon in its row.

3. Click Save.

Assigning or Revoking Sub-Form Owners


Sub-form owners can edit and customize sub-forms to which they are assigned. The creator of a sub-
form is automatically granted ownership rights to that sub-form. Ownership rights can be revoked by
other assigned owners. Owners do not automatically have access rights for the content stored in the
sub-form.

Assign sub-form owners

1. Go to the Administration tab of the sub-form you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

c. Select the sub-form.

d. Click the Administration tab.

2. In the Sub-Form Owners field, click .

3. From the Available list, select the users or groups you want to assign ownership.

4. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Revoke sub-form owners

1. Go to the Administration tab of the sub-form you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

c. Select the sub-form.

d. Click the Administration tab.

2. In the Sub-Form Owners field, click .

3. From the Selected list, click Remove to the right of the user or group you want to revoke
ownership.

4. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Changing the Sub-Form Status


When a sub-form is no longer needed but you do not want to delete it, you can change the sub-form
status from active to inactive.

Change the status of a sub-form

1. Go to the General tab of the sub-form you want to modify.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

c. Select the sub-form.

d. Click the General tab.

2. In the Status field of the General Information section, select the status for the sub-form.

Status Description

Active Users can enter data in sub-forms with Active status. Active sub-forms can be
displayed in an application.

Inactive Inactive sub-forms cannot be displayed in an application. If a sub-form that is
already embedded in an application is inactive, the field that displays the sub-form is
also inactive. When a sub-form status is set to Inactive, data stored in a sub-form is
hidden from view until the sub-form and the corresponding sub-form field are
reactivated.

3. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Sub-Forms
When you delete a field from a sub-form, all record data stored in that field is lost. If you delete a
system field type, data stored in the field is maintained in the database and continues to populate the
field in new and updated records, even though the data is not visible through the user interface.
Before deleting a sub-form, note the following important information:
• Sub-forms that are referenced by sub-form fields in applications cannot be deleted. You must first
delete the sub-form fields that reference the sub-form. View the referenced sub-form fields from
the Related Applications section on the General tab of that sub-form.

• Owners who have delete permissions can delete sub-forms to which they are assigned.

Delete a sub-form

1. Go to the Manage Sub-Forms page.

a. From the menu bar, click .

b. Under Application Builder, click Sub-Forms.

2. Select the row of the sub-form that you want to delete.

3. Click .

4. Click OK.

Chapter 7: Data Driven Events


RSA Archer GRC supports the ability to not only capture and report on data, but also to react
dynamically to data conditions or values in the system. Data driven events (DDEs) are powerful
elements that react dynamically to data conditions or values in RSA Archer GRC.
A DDE is the conceptual combination of a rule and one or more linked actions.
• A rule is a set of one or more data conditions or values that must be met for the rule to evaluate to
true. Rules are evaluated in a specified rule order.

• An action is a predefined operation that is executed when linked to a rule. Actions are executed
only when the rule to which they are linked is evaluated as true.

Data driven events are associated with individual layouts in an application or questionnaire. Data
driven events are configured on the Events tab of the Manage Layout page and provide
administrators and application owners the ability to:
• Dynamically control page layout based on the state of content.

• Conditionally filter or set field values based on the state of content.

• Generate email notifications.

The Data Driven Event feature includes a utility, named Event Analyzer, for troubleshooting DDE
rules. The Event Analyzer provides a real-time view of rule evaluations and actions that are applied
as a result of user interaction with the content edit page.

DDE guidelines
When building DDEs, consider the following guidelines:
• Required fields that are hidden from the end user in an application are still required. Users cannot
save the record when this condition exists.

• Fields that are hidden in an application and are set to be required by an Apply Conditional Layout
(ACL) action are only required conditionally. When hidden fields are conditionally required by an
ACL, users can save the record.

• A rule condition that evaluates a Text field with the Display Control set to Text Area may result
in inconsistencies due to rich text markup when an operator other than Contains or Does Not
Contain is used.

• Tabs can be dynamically shown or hidden based on the current state of content, including nested
tabs. When a data driven event hides all sections on a tab, the tab is also hidden.

• Actions linked to the rule targeting a private field may not execute because not all users can
access the private field. Field permissions can be different for each user.

• Date and Values List field values that are set by an action can still be edited by the end user
unless the field is set to not be edited. For example, all other values in a Values List are filtered
by an action.

Data Driven Event Process Flow


Rules are evaluated and actions are executed in a rules session. A rules session is a single,
uninterrupted pass of evaluating rules in a specified order and executing linked actions for rules that
are true. The rule and its corresponding actions are processed at different times during the Record
Edit and Record Save processes depending on the type of action being invoked. It is important to
understand how DDEs are processed when adding, updating, or saving a record.

Process flow rules

Note: Off-layout refers to the fields that are available for selection but are not included in a section
layout.

• Off-layout and private fields to which the user does not have field permissions:

  • Can be used as a rule condition to evaluate.

  • Cannot be directly set.

• Calculated values are always evaluated after executing Save or Apply with the exception of
Generate Notification actions.

• Generate Notification actions are only executed by a record being saved. This action is executed
at the end of the record save process and is the only action executed after calculated fields and
record permission fields are computed.

• System fields can be used as rule conditions. The First Published Date and Last Updated Date
fields are not available until after the record is saved. Generate Notification actions are entirely
different from other actions and execute after these values are calculated.

Insert scenario - add new


When new content is loaded (Insert Scenario), a SINGLE pass of rules with SETS (Set Date and Set
Values List Selection) and FILTER (Filter Values List Items) actions occurs. Conditional layout is
processed against the result of the SINGLE pass.


Example: Add new process flow


Update scenario - edit


When content is loaded (Update Scenario), a SINGLE pass of rules with FILTER (Filter Values
List Items) actions occurs. Conditional layout is processed against the result of the SINGLE pass.


The following figure shows the Update Scenario – Edit process flow.


Data Driven Event Rules and Actions


When a DDE is triggered, each rule is evaluated and its linked actions are executed as applicable.
The action is only executed when the rule is true.
• Rules and actions are stored in separate libraries. A single rule can have any number of actions
linked to it. Additionally, a single action can be linked to any number of rules.

• Rules and actions are defined in the context of a specific application or questionnaire and are not
available to other applications or questionnaires. In leveled applications, rules and actions are
defined in the context of a specific level and are not available to other levels.

To create, edit, or delete both rules and actions, your user account must specify that you:
• Are an application owner

• Have update rights on the Manage Application page

• Have ownership rights to the questionnaire (if working on a questionnaire)

Depending on how rules are configured in an application or questionnaire, it is possible that the
actions defined for those rules could conflict with each other. It is important to understand the
effects and expected behaviors that can occur when an action is executed. Each action type includes
rules to consider when defining actions and suggestions for conflict resolution.

Relationships between rules and actions


A single rule can have any number of actions linked to it. Additionally, a single action can be linked
to any number of rules.


Recommended practices for rules and actions


Keep these practices in mind when defining data driven event (DDE) rules and actions.
• A default display action to show sections is not required. By default, all layout objects are shown.
The only time that you need to explicitly show a layout object is when another ACL action needs
to be overridden.

• RSA does not recommend using rules with the changed operator in ACL or Filter Values List
Items actions. The action is inconsistent from one save to another because the rule is true before
the save and false after. For additional information on changed operators, see rules for evaluating
changed operators.

• Do not associate rules evaluating only calculated fields with the Set Date or Set Values List
Selection actions. This action type is never executed because calculations are not updated until
after these actions are executed. These actions require a triggering field to be included in the rule
linked with the action.

• Do not associate rules with calculated fields and Changed Operators with actions other than
Generate Notification actions. These rules will never be true at that time because calculations are
not evaluated until after the actions are executed.

Rule-related tasks

• Adding Rules to Data Driven Events

• Setting the Rule Order of Data Driven Events

Action-related tasks

• Adding Apply Conditional Layout Actions

• Adding Filter Values List Item Actions

• Adding Generate Notification Actions

• Adding Set Date Actions

• Adding Set Values List Selection Actions

Data Driven Event Rules


A rule is a set of one or more data conditions or values that must be met for the rule to be true.
Actions are executed only when the rule to which they are linked is true.

Example: Rule that always evaluates true


If your business practice requires a rule to always evaluate to true, create a rule with the filter
criteria set to Record Status equals New OR Updated, as shown:

A rule can be linked to one or more action types. Rules are evaluated sequentially according to the
priority in which they are assigned in the Rule Order dialog box.
• Rules are owned by the application or questionnaire to which they are linked, and are not
available to other applications or questionnaires.

• Rules are evaluated and actions are executed in a rules session.

• A rules session is a single uninterrupted pass of evaluating rules in a specified order and
executing linked actions for any rules that are true.

• A rules session is invoked when a record is added, changed, or saved.

• Rules can be copied and edited to make similar rules.

• Rules can be based on field types that allow for a user selection or data entry.

The following fields cannot be used in a rule:

• Access History
• Attachment
• CAST (Detail)
• CAST (Scorecard)
• Discussion
• External Links
• History Log
• Image
• Multiple Reference Display Control (MRDC)
• Questionnaire Reference (QRFT)
• Scheduler
• Tracking ID
• Voting

Note: Sub-forms can be used in a rule, but not the fields in the sub-form.

Rule tasks for DDEs

• Adding Rules to Data Driven Events

• Setting the Rule Order of Data Driven Events

Data Driven Event Rules Evaluation


Rules are evaluated based on user interaction and calculated fields.

Rules for executing actions based on user interaction

| User Interaction | Resulting Action |
|---|---|
| On New | All rules are evaluated. Set, filter, and ACL actions are executed. |
| On Edit | All rules are evaluated. Filter Values List Items and ACL actions are executed. |
| On Field Modification | All rules are evaluated. Set actions linked to rules containing the modified field as a rule condition, Filter Values List Items, and ACL actions are executed. |
| On Save | Calculated fields are calculated. All rules are evaluated. Generate Notification actions are executed. |

Rules for executing actions based on calculated fields

| User Interaction | Resulting Action |
|---|---|
| On New | Calculated field value is null. Rules evaluating a null value or evaluating the absence of a specific value (Does Not Equal, Does Not Contain) are evaluated to true and linked set, filter, and ACL actions are executed. |
| On Save | Calculated field value is updated by the Content Save process. Generate Notification actions are executed based on the updated calculated field value. |
| On Edit | Calculated field value was already updated by the Content Save process. Filter and ACL actions are executed based on the updated calculated field value. |
| On View | Calculated field value was already updated by the Content Save process. ACL actions are executed based on the updated calculated field value. |
| On Field Modification | Calculated field values cannot be directly modified by the end user. |

Rules for evaluating changed operators


The Changed operator only evaluates the previously saved value of a field against the current value
of the field. For new content, the initial state of the value is considered empty.

Scenario:
Rule 1 has the Changed operator set to Changed.
Field A currently has a value of null (empty).
User Input 1: User changes the value of Field A to 2.
User Input 2: User removes the value of 2 in Field A.

Result:
Rule 1 is evaluated as true from User Input 1.
Rule 1 is evaluated as false from User Input 2.
Only the first change triggers the data driven event and not the second one because the
final state of the value is the same as its original state.

Adding Rules to Data Driven Events


Complete this task to add a rule to a data driven event.

Add a rule to the data driven event

1. Go to the Rules tab of the application that you want to update.

a. From the menu bar, click


b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:

• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Rules tab.

2. Click Add New.

3. Do one of the following:

• To add a new rule, click Create a new Rule from scratch.

• To add a rule from an existing rule, click Copy an existing Rule and select the rule you want
to copy.

4. Do one of the following:

• If the application is not leveled, go to the next step.

• If the application has multiple levels, select the level where you want to create the rule.

5. Click OK.

6. In the General Information section, enter the name and description of the rule.

7. In the Criteria section, use the fields provided to specify the field to evaluate, the operator, the
value or values and, if applicable, the relationship to the subsequent row of filter criteria. Each
row on this page represents one set of filter criteria.

a. Specify filter criteria in the first row. If needed, enter a second set of filter criteria in the
second row.

b. To add additional rows for specifying more filter criteria, click Add New.

Note: This link is only enabled when the action is available.


c. To change the relationship between the rows of filter criteria, in the Advanced Operator
Logic field, enter a new value. The default value is "And."

d. To delete a condition, click in that row.

Note: The system automatically renumbers the criteria rows, but you may need to modify any
advanced operator logic accordingly.

For example, if your business practice requires a rule to always evaluate to true, create a rule
with the filter criteria set to Record Status equals New OR Updated, as shown in the following
figure.

8. In the Linked Actions section, click Select Actions.

9. Select one or more actions that you want to link to this rule and click OK.

10. Click Save.

Remove actions from a rule


You can disassociate an action from a rule without deleting the action.

1. Go to the Rules tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:

• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Rules tab.

2. Click the rule that you want to update.

3. In the Linked Actions section, click next to the action that you want to disassociate from the
rule.

4. Click Save.

Delete a data driven event rule


If you no longer need a rule, you can delete it. Deleting a rule does not delete the actions linked to it.
The actions continue to exist in the Action Library and maintain their links with other rules.

1. Go to the Rules tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:

• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Rules tab.

2. Click the row and view the description of the rule that you want to delete.

3. Click for that rule.

4. Click OK.

Setting the Rule Order of Data Driven Events


The rule order of a data driven event determines the specific order in which the applicable actions of
each rule are executed. Use rule order to dynamically or conditionally control when actions are
executed based on a business process. You set the rule order on the Rule Order dialog box.
Rules are evaluated sequentially according to the priority in which they are assigned. Rule 1 is
ranked higher in priority than Rule 2, Rule 2 is ranked higher than Rule 3, and so forth.

Example: Setting the rule order


You have five rules. Each rule is evaluated individually starting with the highest priority (Rule 1)
and finishing with the lowest priority (Rule 5). The appropriate actions of each rule are executed
before the next rule in sequence is evaluated. This process continues until all rules are evaluated and
the applicable actions of each rule are executed.

Rules can contain actions that conflict with each other. Use the conflict resolution for the particular
action.

Set the rule order of a data driven event

1. Go to the Rules tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:

• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Rules tab.

2. Click Configure Rule Order.

3. Click one or more rules and drag and drop to the position you want.

4. Click OK.

5. Click Save.

Data Driven Event Actions


An action is a predefined operation that is executed when linked to a rule. Actions are:
• Stored in a library and can be used with any number of rules

• Only executed when linked to a rule that is true

• Reusable across multiple rules

• Owned by the application or questionnaire and are not available to other applications or
questionnaires

Fields that are defined in an application or questionnaire are used in an action. For example, fields
can be added to a section on the layout of an application or questionnaire and then be conditionally
required or hidden by an Apply Conditional Layout (ACL) action.

Action types

| Action Type | Description |
|---|---|
| Apply Conditional Layout | Configures dynamic record layouts based on the state of the record. |
| Filter Values List Items | Restricts the values available for selection in a Values List field to a subset of the values defined for the field. |
| Generate Notification | Generates an email notification that is sent to specified users. |
| Set Date | Configures and sets a value for a Date field that can be overridden. |
| Set Values List Selection | Configures and sets a value for a Values List field that can be overridden. |

Action tasks

• Adding Apply Conditional Layout Actions

• Adding Filter Values List Item Actions

• Adding Generate Notification Actions

• Adding Set Date Actions

• Adding Set Values List Selection Actions

Delete an action
If you no longer need an action, you can delete it from the system. Deleting an action removes it
from the Action Library and disassociates it from any rules to which it is linked. You can
disassociate an action from a rule without deleting the action.

1. Go to the Actions tab of the layout that contains the action that you want to delete.

a. From the menu bar, click .


b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:

• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Actions tab.

2. In the Action Library section, in the row of the action that you want to delete, click .

3. Click OK.

4. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Apply Conditional Layout Action


The Apply Conditional Layout (ACL) action enables you to configure dynamic record layouts based
on the state of the record. ACL actions only affect view and edit modes. You and application owners
can choose to force sections or fields to display, make fields required, make sections or fields read
only, or not to display sections or fields. ACL actions can be configured to be applied to specific
users, groups, or both so that presentation can vary for different users. Using this action, you can:
• Determine which sections, fields, custom interface objects and text box objects are displayed.

• Override the read/write permissions for fields.

• Set the Required Field status for fields.

• Assign specific users, groups and fields to the actions so that the presentation can be different to
different users.

• Exclude users, groups, or fields from viewing the layout.

Example: ACL action

ACL Action Setup: The ACL action has a Record Permissions field selected with a default value of
User A.

Initial Record Creation: When the record is initially created, there is no value committed in the
database for the Record Permissions field. The ACL action does not apply to any users.

Post-Record Creation: After the record is saved, User A is committed in the database for the Record
Permissions field. The ACL action is applied only to User A.

With the exception of Required field settings, ACLs serve only as a cosmetic treatment to ease data
entry and viewing a form in a particular application or questionnaire. Fields that are hidden by an
ACL action are still available in search results and filters for defining reports, searches, and
notifications. Data that is hidden by an ACL action to a user cannot be printed or exported by that
user. Field access permissions are still applied for printing and exporting.
The Layout Configuration section enables you to select which sections and fields in the application
that you want to display as a result of this action.

Key things to consider


When working with this section, keep the following things in mind:

• The key icon indicates a key field and the calculator icon indicates a calculated field.

• The user must have edit privileges to edit a field. The settings on this page do not grant edit
privileges to an account that does not already have those privileges.

• Be careful when selecting to hide a required field. The field is still required, even if it is not
displayed.

• The settings in this section do not change the layout of the page. To change the layout, use the
Layout tab of the Manage Application page.

• If the layout of the application has multiple tabs, the Layout Configuration section includes
multiple tabs.

• Placeholders may still be displayed for a screen object even though the object is not displayed.

Adding Apply Conditional Layout Actions

You can add an Apply Conditional Layout action that modifies the elements that display within a
record and adjusts the properties of specific fields.

Important: If a field with a base setting of Required is not visible to the user, the user cannot save
the record. To solve this, you must either modify the application to display the required field for the
user or change the field settings so that it is no longer required.

Add an apply conditional layout action


After the action is saved, you can link the action to the applicable rule. The relationship between
rules and actions is specified on the Manage Action page. If the action has been linked to a rule,
the associated rules are listed in the Associated Rules section.

1. Go to the Actions tab of the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:

• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the action.

e. Click the Actions tab.

2. In the Action Library section, click Add New.

3. Do one of the following:

• To add a new action, click Create a new Action from scratch and click Apply Conditional
Layout from the Available Actions list.

• To add an action from an existing action, click Copy an existing action and select the ACL
action you want to copy from the Available Actions list.

4. Click OK.

5. In the General Information section, enter the name and description for this action.

6. In the Layout Configuration section, do the following:

a. Select the sections that you want to display.

b. For each section that you display, select the fields that are required, read only, or hidden. The
options available may vary for different types of fields.

7. In the Qualified Users/Groups section, select the users, groups, or fields that you want to include
or exclude from this conditional layout.

8. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Apply Conditional Layout Rules

Sections and fields that are hidden by an ACL action are still available in search results and filters
for defining reports unless otherwise controlled by field permissions. If a field contains multiple
conflicting Apply Conditional Layout actions, RSA Archer GRC executes the action that is highest
in the following order of precedence:
1. Section-level Read Only

2. Section-level Display*

3. Section-level Do Not Display

4. Section-level Use Default Settings

5. Field-level Required

6. Field-level Read Only

7. Field-level Display

8. Field-level Do Not Display

9. Field-level Use Default Settings


*When a Section-level Display action takes precedence, field-level settings are respected. For
example, if an action sets a section to Do Not Display and another action sets a field within the
section to Read Only, the section is not displayed because the section-level Do Not Display setting
takes precedence.


Section-Level options
Sections determine how fields are organized on the layout of an application or questionnaire. A
section-level option can override a field-level option.

| Option | Description |
|---|---|
| Use Default Settings | All fields and objects in the section are displayed. Individual fields and objects in the section can have field-level options configured. |
| Display | All fields and objects in the section are forced to display (subject to the user having field permissions to that field). Individual fields and objects in the section can have field-level options configured. |
| Read Only | Affects all of the fields in the section, but does not impact the non-field objects in the section, such as custom interface and text box objects. All fields in the section are displayed as read only and are not available for editing. Individual fields in the section cannot have field-level options configured. Objects in the section function as originally configured. |
| Do Not Display | All fields and objects in the section are not displayed. Individual fields and objects in the section cannot have field-level options configured. |

Field-Level options
Fields are defined in an application or questionnaire and then used in an action. Fields are added to
sections on the layout and can be conditionally required or hidden by an ACL action. A field-level
option can be overridden by a section-level option.

Example: Field-level option

Scenario:
Field A in Section 1 has a field-level setting of Required.
Field A is moved to Section 2 that has a section-level setting of Do Not Display.

Result:
The Required setting of Field A is removed, and Field A inherits the Do Not Display
section-level setting.

Available field-level options

| Option | Description |
|---|---|
| Use Default Settings | Field behaves as defined. |
| Display | Field is forced to display (subject to the user having field permissions to that field). |
| Required | Field is required. The Required option is not available for fields that cannot be set to Required in an application. |
| Read Only | Field is displayed as read only and is not available for editing. The Read Only option is not available for fields that are inherently read only, for example, System fields. |
| Do Not Display | Field is not displayed. |

Field-level rules

• An ACL action does not give users added field permissions, but it can restrict them. If a field is
set to Display and the user does not have read permissions to the field, the field is still hidden
from the user. If a user has full permissions to a field that is set to Read Only in an ACL action,
the user cannot modify the field.

• If a field is not displayed because of an ACL action, a user with field permissions can still search
the field and functions, such as data feed, and Web APIs can still reference the field.

• A field that is defined as required in an application can be set to one of the following options: Use
Default Settings, Display, Do Not Display, and Read Only. If a required field is set to Read Only
or Do Not Display and is hidden, the field is still required and a user cannot save the record.

• For the user to save the record, do either of the following:

    • Modify the ACL action to display the field.

    • Change the field in the application so that it is not required.

• Text box objects, custom objects, and trending charts have the following options: Use Default
Settings, Display, and Do Not Display. Placeholder objects cannot be modified by an ACL action
and do not have any available options.

• Changes to an application can affect previously configured field-level options. If a field with
field-level options is moved to a new section, the field-level options are evaluated according to
ACL Conflict Resolution rules of precedence. Specifically, field-level options are affected when
the new section has section-level options that are more restrictive than the field-level options of
the field.

User/Group access rules


An ACL action must have at least one user, group, or field (user/groups or record permissions)
specified to save the action. The specified user, group, or field determines to which users the ACL
action applies. If one or more of the following conditions are true, the ACL action is applied for a
user:
• The user is directly specified in the ACL action.

• The user is a member of a group specified in the ACL action (or is a member of a descendant
group if the Cascade option is specified).

• The user or a group of which the user is a member is specified in a User/Groups List or Record
Permissions field that is specified in the ACL action.

When a User/Groups List or Record Permissions field is selected in an ACL action, only the data
committed in the database is used for determining whether an ACL action is applied to the specified
user.
Users, groups, or fields can be excluded from viewing the layout. The ACL action is not applied to
any user, group, or field that is excluded.

Exclude user/group/field rules


The Exclude option enables administrators to exclude users, groups, or fields from an Apply
Conditional Layout (ACL) action. At least one user, group, or field must be included. The Everyone
group cannot be excluded. If a user, group, or field is explicitly selected for exclusion, the user,
group, or field will be excluded.
The following rules are applied to each element.

Exclude User: The ACL action will not be applied to a user who is explicitly excluded.

Exclude Group: The ACL action will not be applied to all users who belong to the group that is
explicitly excluded.
The Cascade option is not selected by default.
• If the Cascade option is selected for a group that is included, all users belonging to a
sub-group and any member of the group are included.

• If the Cascade option is selected for a group that is excluded, all users belonging to a
sub-group and any member of the group are excluded.

A user who is explicitly included will be excluded if the group is excluded.

Example: Excluding a group

Scenario:
User A is a member of the Audit Management group.
User A is selected for inclusion in the ACL action.
The Audit Management group is selected for exclusion in the ACL action.

Results:
The ACL action does not apply to User A because the Audit Management
group is selected for exclusion and User A is a member of the Audit
Management group.

Exclude Field: Any user that is selected in the user/groups list or record permissions field will be
excluded if the field is excluded.
A user who is explicitly included will be excluded if the user is selected in the field and
the field is excluded.
When a user/groups list or record permissions field is selected for inclusion or exclusion
in an ACL action, only the data committed in the database is used for determining
whether a user is included or excluded from the ACL action.
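The User/Group access rules and the Exclude rules above can be checked against a small model. The following Python sketch is an added example, not RSA Archer code or an Archer API; the class and function names, the sample directory, and the choice to treat groups stored in a field as non-cascading are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class GroupRef:
    name: str
    cascade: bool = False  # the guide: Cascade is not selected by default


@dataclass
class Selection:
    """Users, groups, and User/Groups List or Record Permissions fields."""
    users: set = field(default_factory=set)
    groups: list = field(default_factory=list)  # list of GroupRef
    fields: set = field(default_factory=set)    # field names


@dataclass
class Directory:
    members: dict                                  # group -> direct member users
    subgroups: dict = field(default_factory=dict)  # group -> child groups

    def expand(self, ref):
        """The group itself plus, with Cascade, every descendant group."""
        found, stack = {ref.name}, [ref.name]
        while ref.cascade and stack:
            for child in self.subgroups.get(stack.pop(), ()):
                if child not in found:
                    found.add(child)
                    stack.append(child)
        return found

    def is_member(self, user, ref):
        return any(user in self.members.get(g, ()) for g in self.expand(ref))


def matches(sel, user, directory, committed):
    """True if the user is selected directly, through a group, or through a field.

    committed maps a field name to the Selection stored for it in the database.
    Values that are only in the unsaved form are deliberately absent, because
    the guide says only committed data is used.
    """
    if user in sel.users:
        return True
    if any(directory.is_member(user, ref) for ref in sel.groups):
        return True
    for name in sel.fields:
        value = committed.get(name, Selection())
        # Assumption: groups stored in a field are matched without Cascade.
        if user in value.users or any(
                directory.is_member(user, ref) for ref in value.groups):
            return True
    return False


def validate(include, exclude):
    """Reject configurations the guide says cannot be saved."""
    if not (include.users or include.groups or include.fields):
        raise ValueError("at least one user, group, or field must be included")
    if any(ref.name == "Everyone" for ref in exclude.groups):
        raise ValueError("the Everyone group cannot be excluded")


def acl_applies(include, exclude, user, directory, committed):
    """Exclusion wins: an explicitly included user is dropped if excluded."""
    validate(include, exclude)
    return (matches(include, user, directory, committed)
            and not matches(exclude, user, directory, committed))


if __name__ == "__main__":
    # Constructed sample directory mirroring "Example: Excluding a group".
    directory = Directory(members={"Audit Management": {"User A"}})
    include = Selection(users={"User A"})
    exclude = Selection(groups=[GroupRef("Audit Management")])
    print(acl_applies(include, exclude, "User A", directory, {}))  # False
```

Because only committed data is consulted, an ACL action keyed to a Record Permissions field applies to nobody on a brand-new record, which matters when the action is what makes a sensitive section read only.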

Conflict Resolution for Apply Conditional Layout Actions

Multiple ACL actions can apply to the same user at the same time. When multiple ACL actions
attempt to apply conflicting behaviors, the action that is ranked higher in the order of precedence is
executed as shown:
1. Section-level Read Only

2. Section-level Display*

3. Section-level Do Not Display

4. Section-level Use Default Settings


5. Field-level Required

6. Field-level Read Only

7. Field-level Display

8. Field-level Do Not Display

9. Field-level Use Default Settings


*When a Section-level Display action takes precedence, Field-level settings are respected.

Example: Section set to Do Not Display

Action 1: Sets a section to Do Not Display.

Action 2: Sets a field in the section to Required.

Result: The section is not displayed and the field is not required because Action 1 (section-level
Do Not Display) takes precedence.

Example: Section set to Display

Action 1: Sets a section to Display.

Action 2: Sets the same section to Read Only.

Result: The section is read only because Action 2 (section-level Read Only) takes precedence.

Example: Section level with precedence

Action 1: Sets a section to Display.

Action 2: Sets field X and field Y in the section to Do Not Display.

Action 3: Sets field X in the section to Required.

Result: The section is displayed, field X is set to required, and field Y is not displayed.
Because Action 1 (section-level Display) takes precedence, the section is displayed and
field-level settings are respected.
Because Action 3 (field-level Required) takes precedence over Action 2, Field X is set to
Required. There is no conflict with Field Y, so it is set to Do Not Display by Action 2.
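The order of precedence and the three examples above can be reproduced with a short resolver, which is useful for reviewing a set of ACL actions before linking them to rules. This Python sketch is an added example, not RSA Archer code; the type names, the layout dictionary, and the hidden_required_fields check (which flags fields whose base setting is Required but which end up not displayed) are assumptions built from the rules stated in this section.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class SectionOpt(IntEnum):
    """Section-level options; the lower number wins a conflict."""
    READ_ONLY = 1
    DISPLAY = 2
    DO_NOT_DISPLAY = 3
    USE_DEFAULT = 4


class FieldOpt(IntEnum):
    """Field-level options; the lower number wins a conflict."""
    REQUIRED = 5
    READ_ONLY = 6
    DISPLAY = 7
    DO_NOT_DISPLAY = 8
    USE_DEFAULT = 9


@dataclass
class AclAction:
    """An ACL action whose rule is true and which applies to the user."""
    name: str
    sections: dict = field(default_factory=dict)  # section name -> SectionOpt
    fields: dict = field(default_factory=dict)    # field name -> FieldOpt


def resolve(layout, actions):
    """Return (section_result, field_result) for layout {section: [fields]}."""
    section_result, field_result = {}, {}
    for section, members in layout.items():
        # Highest-precedence section-level option across all actions.
        sec = min((a.sections[section] for a in actions if section in a.sections),
                  default=SectionOpt.USE_DEFAULT)
        section_result[section] = sec
        for name in members:
            if sec is SectionOpt.READ_ONLY:
                # Fields cannot have field-level options in a Read Only section.
                field_result[name] = FieldOpt.READ_ONLY
            elif sec is SectionOpt.DO_NOT_DISPLAY:
                # The whole section is hidden; field-level options are ignored.
                field_result[name] = FieldOpt.DO_NOT_DISPLAY
            else:
                # Display / Use Default Settings: field-level settings are
                # respected, and the highest-precedence one wins.
                field_result[name] = min(
                    (a.fields[name] for a in actions if name in a.fields),
                    default=FieldOpt.USE_DEFAULT)
    return section_result, field_result


def hidden_required_fields(base_required, field_result):
    """Fields required by the application's base setting but not displayed.

    The guide warns that such a field is still required, so the user
    cannot save the record.
    """
    return sorted(f for f in base_required
                  if field_result.get(f) is FieldOpt.DO_NOT_DISPLAY)


if __name__ == "__main__":
    # Constructed layout for "Example: Section level with precedence".
    layout = {"Section 1": ["Field X", "Field Y"]}
    actions = [
        AclAction("Action 1", sections={"Section 1": SectionOpt.DISPLAY}),
        AclAction("Action 2", fields={"Field X": FieldOpt.DO_NOT_DISPLAY,
                                      "Field Y": FieldOpt.DO_NOT_DISPLAY}),
        AclAction("Action 3", fields={"Field X": FieldOpt.REQUIRED}),
    ]
    sections, fields = resolve(layout, actions)
    print(sections["Section 1"].name, fields["Field X"].name, fields["Field Y"].name)
```

The resolver models presentation only. As this section states, an ACL action does not grant field permissions, and a field it hides can still be searched or referenced through data feeds and Web APIs by a user who holds field permissions.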

Filter Values List Items Action


The Filter Values List Items action enables you to restrict the values available for selection in a
values list field to a subset of the values specified for the field.

Example: Filtering a values list using a filter values list items action

Scenario:
Field A is a Values List field with the following available values: Red, Orange,
Yellow, Green, and Blue.
Action 1 is a Filter Values List Items action that filters the list to Red and Blue.
Action 1 is linked to Rule 1.

Result:
When Rule 1 is true, Field A is automatically filtered to the values of Red and Blue
making them the only values available for selection.

Filter Values List Items rules

• A Filter Values List Items action cannot select "No Selection" as one of the available options for
the values list field.

• A calculated field cannot be the target of a Filter Values List Items action. If a Filter Values List
Items action is defined and the target values list field is later changed to a calculated field, RSA
Archer GRC deletes the Filter Values List Items action.

• If a child value in a hierarchical values list is selected in a Filter Values List Items action and the
parent value is not, the parent value is displayed after the action is executed but is not available
for selection.

• If a values list field is the target of a Filter Values List Items action and is deleted, the Filter
Values List Items action is also deleted.

• If a value list value is selected in a Filter Values List Items action and is deleted, that value is
removed from the Filter Values List Items action. If that value is the only value selected in the
action, the field is also deleted from the Filter Values List Items action.


• If a values list has an existing selection that is not in the filtered subset of values for the Filter
Values List Items action, the existing selection is removed when the Filter Values List Items
action executes.

Example: Replacing a value in a values list through a Filter Values List Items action

Scenario Field B is a values list field with the available values of Red, Orange, Yellow, Green,
and Blue.
Field B currently is set to Green.
Action 1 is a Filter Values List Items action that filters the list to Red and Blue.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, the current value (Green) of Field B is replaced by the filtered
values of Red and Blue making them the only values available for selection.

The Cumulative Filters option on the Options window allows Filter Values List Items actions that
target the same field in different rules to have a cumulative effect.

Example: Cumulative filters

Scenario Field C is a values list with available values of Red, Orange, Yellow, Green, and Blue.
Field C currently is set to Orange.
Action 1 is a Filter Values List Items action that filters the list to Red. Action 1 is
linked to Rule 1.
Action 2 is a Filter Values List Items action that filters the list to Orange. Action 2 is
linked to Rule 2.
Action 3 is a Filter Values List Items action that filters the list to Yellow. Action 3 is
linked to Rule 3.
The Cumulative Filters option is selected.


Result When all three rules are true at the same time, the following occurs in this order:
1. When Rule 1 is true, the list is filtered to Red being available for selection, and the
current value of Orange is not selected.

2. When Rule 2 is also true, the list is filtered to Red and Orange being available for
selection, and the current value of Orange is selected.

3. When Rule 3 is also true, the list is filtered to Red, Orange, and Yellow, making
these values available for selection.
As an end result, the values Red, Orange, and Yellow are available values for selection
and the current selection (Orange) remains selected.

Adding Filter Values List Item Actions

You can create a Filter Values List action that limits the items available in a Values List field. For
example, if a Values List field contains these values by default: Red, Green, Yellow, Orange, and
Blue, you can create a Filter Values List action that excludes Orange and Blue and displays only the
Red, Green, and Yellow values.
If multiple Filter Values List actions target the same field within the same rule, they have a
cumulative effect. For example, if the example Filter Values List described above is executed, and
then an additional Filter Values List action is executed that displays only Blue, the field will display
the Red, Green, Yellow, and Blue values. However, if the Filter Values List actions are not in the
same rule, the system will only execute the Filter Values List action that is highest in the rule order.

Add a filter values list item action


You cannot select a calculated values list field. After the action is saved, you can link the action to
the applicable rule. The relationship between rules and actions is specified on the Manage Rules
page. If the action has been linked to a rule, the associated rules are listed in the Associated Rules
section.

1. Go to the Actions tab of the layout that contains the event you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:


• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Actions tab.

2. In the Action Library section, click Add New.

3. Do one of the following:

• If you want to add an action, select Create a new Action from scratch, and click Filter Values
List Items from the Available Action Types list.

• If you want to add an action from an existing action, select Copy an existing action and select
a filter values list items action from the Available Action Types list.

4. Click OK.

5. In the General Information section, enter the name and description for this action.

6. In the Values List Filter section, complete the following:

a. From the Field list, select the field that you want to filter by.

b. In the Value(s) field, click to select the values that you want to make available for selection
in the filtered list.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Conflict Resolutions for Filter Values List Items Action

When there are multiple Filter Values List Items actions linked to the same rule, the actions are
cumulative.

Example: Filter Values List Items action linked to the same rule

Scenario Field C is a values list field with available values of Red, Orange, Yellow, Green, and
Blue.
Action 1 is a Filter Values List Items action that filters the list to Red and Blue.
Action 2 is a Filter Values List Items action that filters the list to Orange and Yellow.
Action 1 and Action 2 are linked to Rule 1.


Result When Rule 1 is true, Field C is automatically filtered to values Red, Orange, Yellow,
and Blue making them the only values available for selection.

Example: Values list targeted by Filter Values List Item and Set Values List Selection
actions
If multiple Filter Values List Items actions targeting the same values list field are linked to different
rules that are true at the same time, only the Filter Values List Items action linked to the rule with
the highest rule order is applied.

Scenario Field D is a Values List field with available values of Red, Orange, Yellow, Green,
and Blue.
Action 1 is a Filter Values List Items action that filters the list to Red and Blue.
Action 2 is a Filter Values List Items action that filters the list to Orange and Yellow.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.
Rule 1 is ranked higher than Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field D is automatically
filtered to values of Red and Blue making them the only values available for selection.

Example: Values list targeted by Filter Values List Item and Set Values List Selection
actions
If a Set Values List Selection action and a Filter Values List Items action targeting the same Values
List field are in conflict, only the Filter Values List Items action is applied.

Scenario Field E is a Values List field with available values of Red, Orange, Yellow, Green,
and Blue.
Action 1 is a Set Values List Selection action that sets the values of Green and Blue.
Action 2 is a Filter Values List Items action that filters the list to Red and Blue.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.


Result When both Rule 1 and Rule 2 are true at the same time, Field E is automatically filtered
to values of Red and Blue making them the only values available for selection.
The field is also automatically set to a value of Blue. (There is no conflict between
Action 1 and Action 2 for the value of Blue.)
Green is not selected because there is a conflict between Action 1 and Action 2, and
therefore only the Filter Values List Items action (Action 2) is applied.
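
The conflict-resolution behavior described in the examples above can be checked with a small model. This is an added example, not RSA Archer code: the `Rule` class, `resolve_field` function, and `cumulative_filters` parameter are hypothetical names, and the Set Values List Selection handling follows the same-rule and rule-order behavior this guide describes for that action type.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    """One data driven event rule (hypothetical model, not an Archer object)."""
    rank: int                    # 1 = highest position in the rule order
    is_true: bool                # whether the rule's conditions currently hold
    filter_actions: tuple = ()   # one set of allowed values per Filter Values List Items action
    set_actions: tuple = ()      # one set of values per Set Values List Selection action


def _active(rules, kind):
    """True rules that carry at least one action of this kind, highest rank first."""
    hits = [r for r in rules if r.is_true and getattr(r, kind)]
    return sorted(hits, key=lambda r: r.rank)


def _union(rules, kind):
    """Actions linked to the same rule are cumulative, so merge their value sets."""
    merged = set()
    for rule in rules:
        for values in getattr(rule, kind):
            merged |= set(values)
    return merged


def resolve_field(all_values, current, rules, cumulative_filters=False):
    """Return (values available for selection, values selected) for one values list field."""
    # Filters from different rules: only the highest-ranked true rule applies,
    # unless the Cumulative Filters option lets every true rule contribute.
    filtering = _active(rules, "filter_actions")
    if not cumulative_filters:
        filtering = filtering[:1]
    allowed = _union(filtering, "filter_actions") if filtering else set(all_values)

    # Set Values List Selection: only the highest-ranked true rule applies and
    # its actions replace the current selection; otherwise the selection is kept.
    setting = _active(rules, "set_actions")[:1]
    chosen = _union(setting, "set_actions") if setting else set(current)

    # The filter wins any conflict: a value outside the filtered subset is
    # neither offered nor left selected.
    available = [v for v in all_values if v in allowed]
    selection = [v for v in available if v in chosen]
    return available, selection


if __name__ == "__main__":
    colours = ["Red", "Orange", "Yellow", "Green", "Blue"]
    # Field E from the example above: a Set action (Green, Blue) on Rule 1 and
    # a Filter action (Red, Blue) on Rule 2, both rules true.
    field_e = [
        Rule(rank=1, is_true=True, set_actions=({"Green", "Blue"},)),
        Rule(rank=2, is_true=True, filter_actions=({"Red", "Blue"},)),
    ]
    print(resolve_field(colours, [], field_e))
```
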

Generate Notification Action


The Generate Notification action enables administrators to configure an email notification. When a
record is added or updated that meets defined rule conditions, the notification is sent to intended
recipients after the content is saved.
Generate Notification actions are different from other data driven event (DDE) actions in the
following ways:
• Rule order does not affect a Generate Notification action.

• Calculated field values are computed after clicking Save or Apply. The server order of operations
executes Generate Notification actions after the calculated fields are computed and system fields
are updated. When Generate Notification actions execute, the conditions are evaluated against
already calculated values of the calculated fields.

Because Generate Notification actions are executed after calculated fields are computed, it is
possible to have two actions (one being a Generate Notification action) linked to the same rule
where one action executes and the other one does not.

Scenario Field A is a calculated field with a formula of [Field C] + 1.
Field C has an initial value of 2.
Field B has an initial value of Green.
Field A has a value of 3 (calculated field: 2 + 1 = 3).
Rule: Field A = 5.
Action 1 is Set Values List Selection that sets Field B to Blue.
Action 2 is Generate Notification.


Result User edits this record and changes the value of Field C to 4.
The Set Values List Selection action executes before Field A is recalculated. Field A is
3 before being recalculated, and the rule evaluates to false (3 does not equal 5), so
Field B is not set to Blue.
When the user clicks Save, the following occurs:
1. The record is processed.

2. Field A is calculated (4 + 1), and its value is set to 5.

3. The rule evaluates to true, and the Generate Notification action executes. (Set
Values List Selection actions are only executed by user interaction, so the server
does not set Field B to Blue.)
Action 1 did not execute, but Action 2 did execute even though both of these actions are
linked to the same rule.

Note: There is no conflict resolution for Generate Notification actions. These action types are
executed when content is saved for rules that are true.

Generate notification rules


End users cannot subscribe to or unsubscribe from generated notifications. Generated notifications are
automatically sent to all of the intended recipients.
Because calculations are done before rules are evaluated, it is possible that a rule is true in
View/Edit mode, but is false when the Generate Notification action is evaluated. This condition is
also the case in reverse.
If multiple Generate Notification actions are linked to rules that are true, saving one record causes
multiple notifications to be sent for the record. Each distinct Generate Notification action causes a
notification to be sent.

Example: Generate notification actions linked to separate rules

Scenario New Record A is added.
Action 1 is a Generate Notification action with its frequency set to Instantly.
Action 2 is a Generate Notification action with its frequency set to Instantly.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.

Result When Record A is saved and both Rule 1 and Rule 2 are true, two notifications are sent
(one for Action 1 and one for Action 2).


Example: Multiple generate notification actions linked to same rule

Scenario New Record A is added.
Action 1 is a Generate Notification action with its frequency set to Instantly.
Action 2 is a Generate Notification action with its frequency set to Instantly.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 1.

Result When Record A is saved and Rule 1 is true, two notifications are sent (one for Action 1
and one for Action 2).

Example: Generate notification action linked to multiple rules

Scenario New Record A is added.
Action 1 is a Generate Notification action with its frequency set to Instantly.
Action 1 is linked to Rule 1.
Action 1 is linked to Rule 2.

Result When Record A is saved and both Rule 1 and Rule 2 are true, only one notification is
sent because both rules are linked to the same Generate Notification action (Action 1).
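
The evaluation order and the one-notification-per-distinct-action behavior described above can be modeled as follows. This is an added example, not RSA Archer code: `save_record`, `page_scenario`, and the tuple format for actions are hypothetical, and the stored values are constructed from the Field A / Field B / Field C scenario in this section.

```python
def save_record(stored, edits, calculated, rules):
    """Model one edit-and-save cycle.

    stored     -- field values as last saved, calculated fields included
    edits      -- changes the user makes in the edit session
    calculated -- {field name: function(record) -> value}
    rules      -- list of (condition, actions); an action is
                  ("set", field, value) or ("notify", action_name)
    Returns (saved record, names of the notification actions that fired).
    """
    # Edit session: rules see the user's edits, but calculated fields still
    # hold their last saved values. Only user-interaction actions run here.
    record = {**stored, **edits}
    fired = [actions for condition, actions in rules if condition(record)]
    for actions in fired:
        for kind, *args in actions:
            if kind == "set":
                field, value = args
                record[field] = value

    # Save: the server computes calculated fields first ...
    for name, formula in calculated.items():
        record[name] = formula(record)

    # ... then evaluates rules again for Generate Notification actions only.
    # Each distinct action sends once, however many true rules link to it.
    sent = []
    for condition, actions in rules:
        if condition(record):
            for kind, *args in actions:
                if kind == "notify" and args[0] not in sent:
                    sent.append(args[0])
    return record, sent


def page_scenario(new_field_c):
    """The scenario above: Field A = [Field C] + 1, rule is Field A = 5."""
    stored = {"Field A": 3, "Field B": "Green", "Field C": 2}   # constructed values
    calculated = {"Field A": lambda r: r["Field C"] + 1}
    rules = [
        (lambda r: r["Field A"] == 5,
         [("set", "Field B", "Blue"),        # Action 1: Set Values List Selection
          ("notify", "Action 2")]),          # Action 2: Generate Notification
    ]
    return save_record(stored, {"Field C": new_field_c}, calculated, rules)


if __name__ == "__main__":
    record, sent = page_scenario(4)
    print(record, sent)
```
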

Adding Generate Notification Actions

You can create a Generate Notification action that delivers alert emails to select users when a
record is added or updated. It can also send reminder emails based on date values. Recipients cannot
opt out of receiving these emails.
To set up a notification that users can elect to unsubscribe from, use the Notifications feature instead.

Step 1: Add a generate notification action

1. Go to the Actions tab of the layout that contains the event that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:


• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Actions tab.

2. In the Action Library section, click Add New.

3. Do one of the following:

• To add a new action, select Create a new Action from scratch, and select Generate
Notification from the Available Action Types list.

• To create an action from an existing action, click Copy an existing action and select the
generate notification action you want to copy from the Available Action Types list.

4. Click OK.

5. In the Letterhead field of the Template Design section, select the letterhead for the notification.

6. In the Body Layout field, click to open the Body Layouts dialog box.

7. Select the applicable layout and click OK.

8. Click Apply.

Step 2: Define the content of the notification


You can define the content of a Generate Notification action using static and dynamic content. Static
content is text that remains the same for every notification, while dynamic content is content that
changes based on the unique parameters.

1. Go to the Content tab of the Generate Notification action.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:


• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Actions tab, and select the action.

f. Click the Content tab.

2. In the Template Design section, select the subject and content for the notification.

a. In the Subject line, enter the text you want to show as the subject of the notification.

Note: You cannot include the following fields in the subject line: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire
Reference, Access History, and History Log.

b. In the Body field, enter the content you want to show in the notification as text or reference
links.

• To enter a field, select the field or template you want for the admin type from the Toolbar
field.

• To enter a report, select the report you want from the Toolbar field.

• To enter a link, select the link you want from the Toolbar field.

You can also include fields (but not reports or links) in the subject line as dynamic information.
To enter a field, place your cursor in the location, click the Select a Field arrow and select the
appropriate field from the list.

3. Click Apply.

Step 3: Define the email properties of the notification

1. Go to the Delivery tab of the Generate Notification action.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:


• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Actions tab, and select the action.

f. Click the Delivery tab.

2. In the Email Properties section, enter the email properties for this notification.

a. In the From Address field, enter the email address from which this notification will be sent.

b. (Optional) In the Alias Field, enter the name you want to use as the sender for the email from
address.

c. (Optional) In the Importance field, select the status you want to associate to this
email: Normal, High, Low.

d. (Optional) In Read Receipt, select whether an acknowledgment is sent after the notification
is opened by the recipient.

• If you want to receive acknowledgment, select Enable Return Receipt.

• If you do not want to receive acknowledgment, select Disable Return Receipt, the
default selection.

3. In the Delivery Schedule section, define the frequency and its values for sending this
notification.

a. In the Frequency field, select the period in which you want to send the notification. Your
selection determines what you do next.

b. Enter the applicable values for the frequency you selected.

Note: Instantly and Reminder are not available for Scheduled Report Distributions.

Frequency Action

Instantly Go to the next step.

Daily a. In Time, set the time that you want to send the notification.

b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.


Weekly a. In Day, select the day of the week that you want to send the notification.

b. In Time, set the time that you want to send the notification.

c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Monthly a. In Day, select the day of the month (1 through 31) that you want to send
the notification. Because not all months have 31 days, you might want to
consider 28 or before.

b. In Time, set the time that you want to send the notification.

c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Quarterly a. In Time, set the time that you want to send the notification.

b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Note: A quarterly notification is sent on the first day of January, April,
July, and October.

Reminder a. In Time, set the time that you want to send the notification.

b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

c. In Criteria, do the following:

i. In Field, select the date field to be used for evaluating the filtering
condition.

ii. In Operator, select the applicable operator, Equals, Does Not Equal,
Less Than, or Greater Than.

iii. In Day, select the number of days on which to evaluate the
occurrence.

iv. In Target, select After Date or Before Date.

d. (Optional) To add another condition, click Add New and repeat the steps
for adding criteria.

e. (Optional) To delete a criteria row, click .

4. Click Apply.


Step 4: Define the recipient rules for the notification


Recipients can be a dynamic or static list based on the notification type. A dynamic list is based on
the values of a Users and Groups list and record permissions or an email address stored in a field.
1. In the Email Recipient Options section, specify whether the notification is sent as separate
emails to each recipient or one email to all recipients.

Send Each Notification As


You can set email recipient options to determine whether you want to send a separate notification
email to more than one recipient or send one email to multiple recipients.

Property Description

Send Each Notification As

• Separate Emails - Sends a separate email to one or more recipients.
Addressees receive an email that has been customized for permissions,
culture, time zone, and locale. This option allows you to use only the To field
for recipient email addresses.

• One Email - Sends an identical email to multiple recipients. The email is
primarily intended for a limited number of recipients and is not customized for
permissions, culture, time zone and locale. If there is no content in the
notification that all recipients have permission to view, the notification is not
sent.
This option allows you to use the To, Cc, and Bcc fields for recipient email
addresses. The maximum allowable number of recipients for this option,
expressed as a total from all three addressee fields, is determined in the
RSA Archer Control Panel.

2. In the Recipients section, do the following for To, CC, and BCC:

a. (Optional) In Dynamic, do one or more of the following:

• Expand the Groups tree and select the groups you want to receive the notification.

• Expand the Users tree and select the users you want to receive the notification.

• Expand the Fields tree and select the fields that contain the dynamic recipient based on
record permissions or email address.

b. Click OK.


c. (Optional) In Static, enter email addresses of the recipients you want to receive the
notification. When entering more than one email address, use a semi-colon to separate the
email addresses of recipients.

3. Click Save.

Set Date Action


The Set Date action enables administrators to specify a value for a date field based on the state of
the record. This value can then be overridden by the end user.

Important: When a data driven event includes a rule with a Set Date action and is used in a
questionnaire, the Review Date and Submit Date fields must be included in the General section of
the questionnaire. By default, these fields are included in this section.

Set Date options

Option Description

Current Date Sets the date field to the current date (and time to 12:00 A.M., if
enabled).

Set to Number of Days from Current Date Sets the date field to the current date plus the specified number of days
from the current date (and time to 12:00 A.M., if enabled).

Set to Specific Date Sets the date field to the date specified (and time, if enabled).

Set to Date Field to Blank Removes any value currently set in the date field.

Set Date action rules

• A calculated field cannot be the target of a Set Date action. If a Set Date action is defined and
the target date field is later changed to a calculated field, the Set Date action is deleted.

• If a date field that is the target of a Set Date action is deleted, the Set Date action is also deleted.

• A rule cannot have multiple Set Date actions linked to it that target the same date field.

• A Set Date action replaces any current value specified in the field.

Example: Setting the date through a Set Date action


Scenario Field A is a Date field with the date of 12/25/2011.
Action 1 is a Set Date action that sets the date to 1/15/2012.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field A is automatically set to a value of 1/15/2012.

Conflict resolution for Set Date


If multiple Set Date actions targeting the same date field are linked to different rules that are true at
the same time, only the Set Date action linked to the rule with the highest ranking in the rule order is
applied.

Example: Set Date action linked to multiple rules

Scenario Field B is a Date field.
Action 1 is a Set Date action that sets the date to the Current Date.
Action 2 is a Set Date action that sets the date to 1/15/2012.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.
Rule 1 is ranked higher than Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field B is automatically set to
the Current Date.

Adding Set Date Actions

You can create a Set Date action that changes the value displayed in a date field. You can set the
value to the current date, to a number of days from the current date, to a specific date or set the field
to blank. If the date field is configured to include date and time, you can set the date, time and time
zone.
You cannot link more than one Set Date action for the same date field in the same rule. If a rule set
has multiple Set Date actions for the same date field, only the first Set Date action is executed.

Important: A calculated field cannot be the target of a Set Date action. If a Set Date action is
defined and the target date field is later changed to a calculated field, the Set Date action is deleted.

Add a set date action

1. Go to the Actions tab of the layout that contains the event that you want to update.

a. From the menu bar, click


b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:


• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Actions tab.

2. In the Action Library section, click Add New.

3. Do one of the following:

• If you want to create a new action, click Create a new Action from scratch and click Set
Date from the Available Action Types list.

• If you want to create a new action from an existing action, click Copy an existing action and
select the set date action from the Available Action Types list.

4. Click OK.

5. In the General Information section, enter the name and description of this action.

6. From the Field list in the Date Selection section, select the field that you want to modify.

7. From the Date Option list, select the date that you want to insert.

Option Description

Current Date The current date is displayed.

Set to Number of Days from Current Date In the Future Days field that displays, specify the appropriate
number of days in this field.

Set to Specific Date In the Specific Date field that displays, specify the appropriate
date.
If the field is configured for date and time, additional fields
display. Specify the time, if applicable.


Set Date Field to Blank If that field is a required field, the system will prompt the user to
insert a date.

8. Click Save.

Set Values List Selection Action


The Set Values List Selection action enables you to specify one or more values for a values list field
based on the state of the record. This value can then be overridden by the end user.

Example: Setting values in a values list

Scenario Field A is a values list field with available values of Yes, No, and N/A.
Action 1 is a Set Values List Selection action that sets the value to Yes.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field A is automatically set to a value of Yes.

Set Values List Selection action rules

• A Set Values List Selection action cannot set No Selection as a value.

• A calculated field cannot be the target of a Set Values List Selection action. If a Set Values List
Selection action is specified, and the target values list field is changed later to a calculated field,
the Set Values List Selection action is deleted.

• A rule cannot be set to less than the minimum selections specified for the field. If a rule has a Set
Values List Selection action linked to it that sets 1 field value, but the Minimum Selections setting
of the field is specified as 2, the rule cannot be saved. The existing Set Values List Selection
action must be modified to set a second value, or a second Set Values List Selection action that
sets an additional value must be linked to the rule.

Note: Changing the Minimum Selections and Maximum Selections fields after a rule is defined
does affect the validity of the Set Values List Selection action. These fields can be changed and
then saved without appearing to be in conflict with the action values specified. You must make
certain that all action values match the defined parameters of the rule.


• If a values list field that is the target of a Set Values List Selection action is deleted, the Set
Values List Selection action is also deleted.

• If a Value Lists value is selected in a Set Values List Selection action and is deleted, that value
is removed from the Set Values List Selection action. If that value is the only value selected in
the action, the field is also deleted from the Set Values List Selection action.

• A Set Values List Selection action replaces any current value selected in a field.

Example: Updating a value in a values list

Scenario Field C is a Values List field with the available values of Rejected, Approved, and In
Process.
Field C is currently set to In Process.
Action 1 is a Set Values List Selection action that sets the value of Approved.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field C is automatically set to the value of Approved.

Conflict resolution for Set Values List Selection action


Example: Set Values List Selection actions linked to same rule
If multiple Set Values List Selection actions are linked to the same rule targeting the same values
list field, the first action replaces the initial setting of the field, and subsequent actions are
cumulative.

Scenario Field D is a Values List field with available values of Reason 1, Reason 2, Reason 3,
Reason 4, and Reason 5.
Field D currently has a value of Reason 1.
Action 1 is a Set Values List Selection action that sets the value of Reason 2.
Action 2 is a Set Values List Selection action that sets the values of Reason 3 and
Reason 4.
Action 3 is a Set Values List Selection action that sets the value of Reason 5.
Action 1, Action 2, and Action 3 are linked to Rule 1.

Result When Rule 1 is true, Field D is automatically set to the values of Reason 2, Reason 3,
Reason 4, and Reason 5.

Example: Set Values List Selection action linked to different rules


If multiple Set Values List Selection actions targeting the same Values List field are linked to
different rules that are true at the same time, only the Set Values List Selection action linked to the
rule with the highest ranking in the rule order is set.

Scenario Field E is a Values List field with available values of Value 1, Value 2, and Value 3.
Action 1 is a Set Values List Selection action that sets the value of Value 1.
Action 2 is a Set Values List Selection action that sets the value of Value 2.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.
Rule 1 is ranked higher than Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field E is automatically set to
Value 1.

Set Values List Selection Action

The Set Values List Selection action enables you to specify one or more values for a values list field
based on the state of the record. This value can then be overridden by the end user.

Example: Setting values in a values list

Scenario Field A is a values list field with available values of Yes, No, and N/A.
Action 1 is a Set Values List Selection action that sets the value to Yes.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field A is automatically set to a value of Yes.

Set Values List Selection action rules

• A Set Values List Selection action cannot set No Selection as a value.

• A calculated field cannot be the target of a Set Values List Selection action. If a Set Values List
Selection action is specified, and the target values list field is changed later to a calculated field,
the Set Values List Selection action is deleted.

• A rule cannot be set to less than the minimum selections specified for the field. If a rule has a Set
Values List Selection action linked to it that sets 1 field value, but the Minimum Selections setting
of the field is specified as 2, the rule cannot be saved. The existing Set Values List Selection
action must be modified to set a second value, or a second Set Values List Selection action that
sets an additional value must be linked to the rule.


Note: Changing the Minimum Selections and Maximum Selections fields after a rule is defined
does affect the validity of the Set Values List Selection action. These fields can be changed and
then saved without appearing to be in conflict with the action values specified. You must make
certain that all action values match the defined parameters of the rule.

• If a values list field that is the target of a Set Values List Selection action is deleted, the Set
Values List Selection action is also deleted.

• If a Values List value is selected in a Set Values List Selection action and is deleted, that value
is removed from the Set Values List Selection action. If that value is the only value selected in
the action, the field is also deleted from the Set Values List Selection action.

• A Set Values List Selection action replaces any current value selected in a field.

Example: Updating a value in a values list

Scenario Field C is a Values List field with available values of Rejected, Approved, and In
Process.
Field C is currently set to In Process.
Action 1 is a Set Values List Selection action that sets the value of Approved.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field C is automatically set to the value of Approved.

Conflict resolution for Set Values List Selection action


Example: Set Values List Selection actions linked to same rule
If multiple Set Values List Selection actions are linked to the same rule targeting the same values
list field, the first action replaces the initial setting of the field, and subsequent actions are
cumulative.


Scenario Field D is a Values List field with available values of Reason 1, Reason 2, Reason 3,
Reason 4, and Reason 5.
Field D currently has a value of Reason 1.
Action 1 is a Set Values List Selection action that sets the value of Reason 2.
Action 2 is a Set Values List Selection action that sets the values of Reason 3 and
Reason 4.
Action 3 is a Set Values List Selection action that sets the value of Reason 5.
Action 1, Action 2, and Action 3 are linked to Rule 1.

Result When Rule 1 is true, Field D is automatically set to the values of Reason 2, Reason 3,
Reason 4, and Reason 5.

Example: Set Values List Selection actions linked to different rules


If multiple Set Values List Selection actions targeting the same Values List field are linked to
different rules that are true at the same time, only the Set Values List Selection action linked to the
rule with the highest ranking in the rule order is set.

Scenario Field E is a Values List field with available values of Value 1, Value 2, and Value 3.
Action 1 is a Set Values List Selection action that sets the value of Value 1.
Action 2 is a Set Values List Selection action that sets the value of Value 2.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.
Rule 1 is ranked higher than Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field E is automatically set to
Value 1.
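
The same-rule and different-rule behaviour described above, modelled in JavaScript as an added example (not RSA Archer code); the object shapes and function names are assumptions. It also carries a review check for the Minimum Selections and Maximum Selections note, which says later changes to those settings can be saved without appearing to conflict with the action values.

```javascript
// Added illustration: models the documented conflict-resolution behaviour.
// Not RSA Archer code; the rule/action/field object shapes are assumptions.

// Values that one rule's Set Values List Selection actions set on a field.
// The first action replaces the field's current selection and later actions
// in the same rule are cumulative, so the result is their ordered union.
function valuesSetByRule(rule, fieldName) {
  const selected = [];
  for (const action of rule.actions) {
    if (action.field !== fieldName) continue;
    for (const value of action.values) {
      if (!selected.includes(value)) selected.push(value);
    }
  }
  return selected;
}

// Final selection for a field given every rule and whether it is currently true.
// rank 1 is the highest position in the rule order.
function resolveField(fieldName, currentValues, rules) {
  const winners = rules
    .filter((r) => r.isTrue && valuesSetByRule(r, fieldName).length > 0)
    .sort((a, b) => a.rank - b.rank);
  if (winners.length === 0) return [...currentValues]; // no action fires
  return valuesSetByRule(winners[0], fieldName); // highest-ranked true rule only
}

// Review check: compare the number of values a rule sets with the field's
// current Minimum Selections and Maximum Selections settings.
function auditRule(field, rule) {
  const count = valuesSetByRule(rule, field.name).length;
  const findings = [];
  if (count === 0) return findings; // rule does not target this field
  if (count < field.minSelections) {
    findings.push(`${rule.name}: sets ${count} value(s), minimum is ${field.minSelections}`);
  }
  if (field.maxSelections !== null && count > field.maxSelections) {
    findings.push(`${rule.name}: sets ${count} value(s), maximum is ${field.maxSelections}`);
  }
  return findings;
}

// Constructed sample data mirroring the Field D and Field E scenarios.
const ruleD = {
  name: "Rule 1", rank: 1, isTrue: true,
  actions: [
    { field: "Field D", values: ["Reason 2"] },
    { field: "Field D", values: ["Reason 3", "Reason 4"] },
    { field: "Field D", values: ["Reason 5"] },
  ],
};
const rulesE = [
  { name: "Rule 2", rank: 2, isTrue: true,
    actions: [{ field: "Field E", values: ["Value 2"] }] },
  { name: "Rule 1", rank: 1, isTrue: true,
    actions: [{ field: "Field E", values: ["Value 1"] }] },
];

console.log(resolveField("Field D", ["Reason 1"], [ruleD]));
console.log(resolveField("Field E", [], rulesE));
console.log(auditRule({ name: "Field E", minSelections: 2, maxSelections: null }, rulesE[1]));
```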

Adding Set Values List Selection Actions

You can create a Set Values List Selection action that selects one or more specific values within a
values list field. This action changes the default value in the field. This value can be edited by the
user if needed. For example, if a values list field has the options Yes, No, and N/A, you can create a
Set Values List Selection action to automatically set the value in the field to Yes.
If multiple Set Values List Selection actions linked to the same rule affect the same values list field,
they have a cumulative effect. For example, if one action sets the value to Red and a subsequent
action in the same rule sets the value to Blue, the final value is Red and Blue.

Important: You can only select a values list field and cannot select a calculated values list field.


Add a set values list selection action

1. Go to the Actions tab of the layout that contains the event that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Do one of the following:


• If the application is not enrolled in Advanced Workflow, click the Layout tab.

• If the application is enrolled in Advanced Workflow, click the Layouts tab, and select the
layout with which you want to associate the event.

e. Click the Actions tab.

2. In the Action Library section, click Add New.

3. Do one of the following:

• To add a new action, click Create a new Action from scratch and click Set Values List
Selection from the Available Action Types list.

• To add an action from an existing action, click Copy an existing Action and select the set
values list selection action you want to copy from the Available Action Types list.

4. Click OK.

5. In the General Information section, enter the name and description of the action.

6. In the Values List Selection section, from the Field list, select the field that you want to modify.

7. Click in the Value(s) field to select the value or values that you want displayed for selection.

8. Click Save.

Troubleshooting Data Driven Events Using Event Analyzer


The Event Analyzer provides a real-time view of rule evaluations and actions that are applied as a
result of user interaction with the content edit page. The analyzer is only available for applications
and questionnaires that have valid configured Data Driven Events (DDEs). The analyzer only
captures browser-executed actions. It does not analyze Generate Notification actions. The initial
state of the content or server evaluation or processing is not logged to the console window.


Event Analyzer
The Event Analyzer dialog box shows a real-time summary of the rules and actions in an application
and how the conditions are evaluated. The Event Analyzer dialog box shows the following
information:
• Rules evaluated

• Conditions evaluated (true or false)

• Actions executed

Use the Event Analyzer to validate the actions against the conditions of DDE rules in real time. If a
problem is detected, you can make the necessary modifications to the DDE and validate the rule
again until the expected results are achieved.
Any change a user makes to the content that triggers a rule to be evaluated is logged to the analyzer
console window.
The information logged to the analyzer console window includes:
• Any rule that was evaluated.

• The true or false result of each individual filter condition in the rule.

• Any corresponding actions that were applied as a result of the overall rule evaluating to true.

Troubleshoot DDEs using Event Analyzer

1. Open the application that contains the data driven events that you want to troubleshoot.

a. From the menu bar, click the Solution Name menu.

b. From the Solutions list, click the solution.

c. From the applications list, click the application.

d. From the Record Browser, select the record.

2. Display a record in Edit mode.

3. Press CTRL+ALT and click the mouse button.

4. Click Enable to start monitoring data driven event activity.

5. Interact with the record to execute any data driven events within the application.

6. Click Clear at any time to reset the information displayed in the dialog box.

7. When finished, click Disable in the Event Analyzer dialog box.


Note: You can also close the record to automatically disable the monitoring process.


Chapter 8: Layouts
By default, each application and questionnaire contains a Layout tab, which enables users to create a
single layout for an application or questionnaire. When a user adds an advanced workflow to an
application or questionnaire, the Layout tab becomes the Layouts tab, enabling users to create
multiple layouts per application or questionnaire.
From both the Layout and the Layouts tab, you can create an intuitive interface for users as they add
and edit records in an application or questionnaire. You can specify which fields appear on and off the
layout, and whether they display in tab sets, sections, supporting text, or custom controls.

Note: Sub-forms only have a Layout tab as they do not support the advanced workflow feature.

Other important features on each tab include:

• You can hide fields from the end-user view without deactivating or deleting a field, which can be
especially useful with calculated fields that you want to calculate in the background without
displaying to your users.

• You can define tab sets and specify the default tab to display when users add or edit records.

• You can provide page-level and field-level help using text boxes, which you can place anywhere
on the layout.

• You can use page shading options to further customize the look of individual pages.

• You can use the icons to identify the field type when creating your layout.

Customizing the layout includes:


• Adding Fields to the Layout

• Adding Objects to the Layout

• Adding Tab Sets on the Layout

• Adding Trending Charts to the Layout


Adding Additional Layouts


Multiple layouts are available for applications or questionnaires that contain an advanced workflow.
Applications that do not contain an advanced workflow have only a single layout, called the Default
Layout. In order to access the multiple layouts functionality, you must first create an advanced
workflow. When you create an advanced workflow, the Layout tab in the application becomes the
Layouts tab. Multiple layouts can be created from the Layouts tab or from within the Workflow
Process Designer. The multiple layouts functionality enables administrators to present different
information for users depending on which step the user is on in the workflow process. For example,
a Close Incident step may need a layout that shows some limited information about the incident and
asks the user for closure comments.

Important: When modifying layouts from within the Workflow Process Designer, you cannot add
new fields or update existing fields. You can only add or remove existing objects to or from the
layout and arrange existing objects on the layout. If you wish to modify field attributes or add new
fields, you must do this from the Layouts tab.

Add a layout from the Layouts tab

1. Go to the application or questionnaire to which you want to add an additional layout.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

2. Create an advanced workflow. For more information, see Create an advanced workflow.

3. Click the Layouts tab.

4. Click Add New.

5. In the Creation Methods section, select a method for creating a layout, and click OK.

6. Complete the General tab.

7. Click Save.

Add a layout from the Workflow Process Designer

1. Go to the application or questionnaire that contains the advanced workflow to which you want
to add an additional layout.


a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

2. Click the Advanced Workflow tab.

3. Create an advanced workflow. For more information, see Create an advanced workflow.

4. Select the User Action or Wait for Content Update node for which you want to add a new layout.

5. In the Node Properties menu, click .

6. In the Creation Methods section, select a method for creating a layout, and click OK.

7. Complete the General tab.

8. Click Save.

Adding Fields to the Layout


You can drag-and-drop existing fields, or add a new field onto the page layout of applications,
questionnaires, and sub-forms. After you have added a field to the layout area, you can also move it
up or down, from column to column, or from tab to tab. You can also configure the field to span
across multiple columns in the layout.

Important: The designated key field in the application must be on the page layout. Always include
the key field when adding fields on the layout.

Note: If you want a field to remain active, but do not want the field to be visible to users, you can
leave the field in the Available Fields list instead of placing the field on the page layout. For
example, you may have a system field that is referenced in a formula for a calculated field. It would
be important for the field to remain active so the system can continue to populate the value of the
field and use those values in calculations, but you might want to hide the field from your users' view.

Key guidelines for adding objects to the layout

• To drag a field onto the layout, click the field in the Available Fields list and drag it to the
position on the layout you want.


Note: For questionnaires, the Review Date and Submit Date fields must be on the layout to be
updated by the Set Date action of a data driven event. In addition, the Set Date actions for setting
the review date and setting the submit date are created in DDE rules for Set Review Date and Set
Submit Date. By default, the Review Date and Submit Date fields are in the General Information
section of the page layout.

• If you are working in a two-column layout and want a field to span across columns, click the drop
down arrow on the field, select Edit Span Properties, and then select Span two columns in the
Span Type section.

1. Select Edit Span Properties and select one of the following options from the Column Span
section.

Option                 Description
Do not span columns    The element consumes only one column of space.
Span two columns       The element always spans across the two columns.

2. Select one of the following options from the Row Span section.

Option              Description
Do not span rows    The element consumes only one row of space.
Span                The element consumes the number of rows you select from the Rows span box.

Add fields to the layout

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.


2. (Optional) For a leveled application, select the data level from the Level list in the left pane for
the layout you want to update.

3. From the Available Fields list, click the field you want on the layout and drag it to the location
you want.

4. Continue this process until all fields that you want are on the layout.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Create a new field from the layout

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.

2. In the Available Fields list, click Add New Field.

3. Select the field type.

4. Finish configuring the field based on the field type.

Adding Objects to the Layout


You can drag-and-drop objects, such as tab sets, sections, text boxes, placeholders, custom objects,
and trending charts on the layout of applications, questionnaires, and sub-forms. After you have
added an object to the layout area, you can also move the object up or down, from column to column,
or from tab to tab. You can also configure some objects to span across multiple columns in the
layout.

Note: You can also add fields, tab sets, and trending charts to the layout:


Key guidelines for adding objects to the layout

• To add a tab set, section, text box, placeholder, custom object, or trending chart to the page
layout, click the object from the Add New Layout Object list, and drag it to the location you want.

• To move a single object, click the object and drag it to the location you want.

• If you are working in a multi-tab layout and you want to move an object from one tab to another,
click and drag the object to the tab you want.

• If you are working in a two-column layout and want a custom object, placeholder, text box, or
trending chart to span across columns, click the drop down arrow on the object, placeholder, text
box, or trending chart, select Edit Span Properties, and then select Span two columns in the
Span Type section.

1. Select Edit Span Properties and select one of the following options from the Column Span
section.

Option                 Description
Do not span columns    The element consumes only one column of space.
Span two columns       The element always spans across the two columns.

2. Select one of the following options from the Row Span section.

Option              Description
Do not span rows    The element consumes only one row of space.
Span                The element consumes the number of rows you select from the Rows span box.

Add custom objects to the layout


Custom objects enable you to enter code you have written to create buttons or other objects. For
example, you can create Next and Previous buttons using JavaScript code so that your user can click
to move from tab to tab when adding or editing records.

1. Open the layout that you want to update.

a. From the menu bar, click


b. Under Application Builder, click Applications, Questionnaires or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.

2. If you are working in a leveled application, from the Level list in the left pane, select the data
level that contains the layout you want to manage.
The fields and other page elements for that level are displayed in the layout area and in the
Available Fields list.

3. Expand the Add New Layout Object list and click and drag the Add Custom Object option to the
layout area.

4. In the Name field, enter a name for the custom object.


This name is displayed on the Layout tab of the Manage Applications or Manage Questionnaires
page, but it is not displayed for users when they add, edit, or view records in the application.

5. In the Description field, enter a description for the object.

6. In the Code field, enter or paste the HTML or JavaScript code for the object.

7. In the Display section, select one of the following modes for the object to be displayed as users
add and edit records in the application:

Field        Description
Edit Mode    Displays the custom object when editing a record.
View Mode    Displays the custom object when viewing a record.
Both         Displays the custom object when viewing or editing a record.

8. Click OK.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add placeholders to the layout


Add placeholders to the layout to create space between other layout objects, such as fields, sections,
text boxes, and custom objects.

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.

2. (Optional) For a leveled application, select the data level from the Level list in the left pane for
the layout you want to update.

3. Select Add New Layout Object.

4. Click and drag the Add Placeholder option to the layout area.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add sections on the layout


Add sections as headings to group related fields together. For example, you might create a section
called “Contact Information” to group the information for phone, fax, and email of a contact.

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires or Sub-Forms.


c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.

2. Select Add New Layout Object in the left pane.

3. Click and drag the Add Section option to the layout area.

4. In the Section Name field, enter the heading that you want to display in the layout.

5. In the Default Visibility field, select the Expanded or Collapsed option depending on whether you
want the section to be expanded or collapsed by default.

6. (Optional) Do one or both of the following to add panel text or help text to the section:

• To add an information panel to provide your users with additional details about the section,
select Panel Text and enter the text that you want to display.

• To add Help text to provide your users with detailed instructions and background information
about the section, select Help Text and enter the text that you want to display.

7. (Optional) Customize your text and add dynamic elements, such as images and Flash animation,
using the options available in the Rich Text Editor toolbar.

8. Click OK to close the Section Description dialog box.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add text boxes on the layout


Add text boxes to the page layout to provide guidance or additional information that users may need
to successfully interact with fields.


Example: Text box arranged among fields in a record

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.

2. (Optional) For a leveled application, select the data level from the Level list in the left pane for
the layout you want to update.

3. Select Add New Layout Object in the left pane.

4. Click and drag the Add Text Box option to the layout area.

5. In the Text Box Name field, enter a name for the text box.

6. In the Text field, enter the text that you want to display in the text box when it is displayed for
users as they add, edit, or view records.

7. Select one of the following options:


Field        Description
Edit Mode    Displays the custom object when editing a record.
View Mode    Displays the custom object when viewing a record.
Both         Displays the custom object when viewing or editing a record.

8. Click OK.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Tab Sets on the Layout


You can add tabs and tab sets on the page layout of applications, questionnaires, and sub-forms. Tab
sets provide a means for grouping related tabs and fields. Especially when there is a large number
of fields, tab sets help users quickly find the fields they need to add or edit in a record.

Note: If a user does not have access to any of the fields on a tab, the tab is not displayed when the
user adds or edits records. Using data driven events, tabs can be dynamically shown or hidden based
on the current state of content, including nested tabs. When a data driven event hides all sections on
a tab, the tab is also hidden.

Add a new tab set on the layout

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.


2. Add placeholders to the layout:

• For the application, questionnaire, or sub-form, continue to the next step.

• For a leveled application, select the data level from the Level list in the left pane that contains
the layout that you want to manage. The fields and other page elements for that level are
displayed.

3. Expand the Add New Layout Object in the left pane, click Add Tab Set, and drag it onto the
layout area.

4. In the Tab Set Name field, enter a name for the tab set.

5. From the Height list, select one of the following options:

• To use default height settings for the tabs in the tab set, select All from the Height list and
click OK.

• To select the height in pixels for the tabs in the tab set, select the value and click OK.

6. Drag and drop the tab on to the Layout tab to arrange tab sets on the page:

a. In the layout section, click the tab set that you want to move and drag it to its new location.

b. Arrange the tab sets until they are displayed in the correct order.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add tabs to a tab set


The default tab is the first tab your users see when they add or edit records. It does not have to be
the first tab in the tab set. If a user does not have access to any of the fields on the default tab, the
default tab is not displayed and the tab that has the key field on it is displayed as the default.

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.


e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.

2. Add placeholders to the layout:

• For the application, questionnaire, or sub-form, continue to the next step.

• For a leveled application, select the data level from the Level list in the left pane that contains
the layout that you want to manage. The fields and other page elements for that level are
displayed.

3. Click the New tab in the tab set that you added.

4. In the Tab Name field, enter a name for the tab.

5. (Optional) In Default Tab field, click Display this tab by default when users first access the page
to display a tab by default when users open the application, questionnaire, or sub-form.

6. Click OK.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add fields to a tab set

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.


2. Add placeholders to the layout:

• For the application, questionnaire, or sub-form, continue to the next step.

• For a leveled application, select the data level from the Level list in the left pane that contains
the layout that you want to manage. The fields and other page elements for that level are
displayed.

3. Add a section to the tab.

4. Drag and drop the fields on to the Layout page to add fields.

5. Arrange the fields until they are displayed in the correct order.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Trending Charts to the Layout


You can add trending charts to the layout of an application, questionnaire, or sub-form. On a trending
chart, you can view historical data for a Numeric or Values List field that has trending enabled in
order to identify patterns in the data for a specified period of time. Trending charts must be added to
another container object, such as a section.

Add a trending chart to the layout

1. Open the layout that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications, Questionnaires, or Sub-Forms.

c. Select the application, questionnaire, or sub-form.

d. Click the Layout tab.

e. If you have advanced workflow enabled, open the layout that you want to update, and click
the Designer tab.

2. From the left pane, select Add New Layout Object.

3. Click and drag the Add Trending Chart option to the layout area.

4. In the Name field, enter the heading that you want to display in the layout.


5. From the Trending Field list, select the trending-enabled field for which to display chart data.

6. (Optional) In the Show Title field, click the Display the chart name as the title when users open
the application, questionnaire, or sub-form.

7. Click OK.

8. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Layouts
Only layouts that were created by a user can be deleted. You cannot delete the Default Layout. To
delete a layout from an application or questionnaire, you must have delete rights to that layout.

Note: You cannot delete a layout if it is currently associated with an advanced workflow node.

Delete a layout

1. Go to the Layouts tab of the application or questionnaire from which you want to delete a layout.

a. From the menu bar, click .

b. Under Application Builder, select Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Layouts tab.

2. Select the row of the layout you want to delete.

3. Click .


Chapter 9: Advanced Workflow


In RSA Archer GRC, some types of application or questionnaire records represent ongoing business
processes. For example, a record in the Findings application must be reviewed, responded to, and
closed. The Advanced Workflow feature enables you to manage the lifecycle of records in these
types of applications or questionnaires by visually modeling your business process and tying the
different steps in that process to actions in RSA Archer GRC. For example, an advanced workflow
can do the following:
• Update values in a record
• Evaluate values in a record in order to determine which path to follow in your process
• Send a notification
• Create a task (and tasks created during an advanced workflow can be mapped to the task driven
  landing page of a user)
• Display different layouts to your users, based on which step of the process they are currently on
• Prompt your users to take an action or make a decision in the record

You can either use the out-of-the-box workflows available in selected applications or create a
workflow unique to your needs. When you create an advanced workflow, you define all the steps
you want the record to go through and choose when to enroll records in the workflow (for example,
when a new record is created or when a user performs some action).

Note: Applications and questionnaires can have only one advanced workflow, and leveled
applications can have only one advanced workflow per level.

Terminology
The following table describes the terms that are unique to advanced workflow.

| Term | Description |
|---|---|
| Process | The blueprint for a workflow. The process defines all of the possible paths that a content record could follow through the steps of your business process. |
| Job | A specific instance of a workflow process. A job represents one actual path that a content record takes through the steps of the business process. Depending on how you choose to enroll content records into your advanced workflow, jobs can be created for new records, updated records, or records initiated by the user. Note: Jobs in an advanced workflow are not related to the RSA Archer Job Engine. For information about the Job Engine Manager in RSA Archer GRC, see Configuring the Job Engine Manager. |
| Node | A single unit of work (step) in the workflow process. |
| Transition | The path of the workflow from one node to another. |
| Action buttons | Buttons in the content record that prompt end-users for an action or decision and, when clicked, determine which path in the workflow to follow. Action buttons are automatically created when you configure transitions out of a User Action node. For example, you might create Accept and Reject transitions, each of which corresponds to a different path in the workflow. If a user clicks the Accept action button in the record, the workflow follows that path. Action buttons only appear in the content record if the record is in Edit mode. |
| Custom layouts | Additional layouts that display only the information that a user needs while on a particular step in the workflow process. |

Advanced Workflow interface


The Workflow Process Designer is the interface within an application or questionnaire that you use
to create and build advanced workflows.


The interface is made up of the following elements:


1. The Modeler Toolbox contains the nodes and transitions that you can add to your workflow
process.

2. The Advanced Workflow Grid is where you build your workflow process.

3. The Process Properties panel allows you to define which records are enrolled into your
workflow. To view the Process Properties panel, click anywhere in the advanced workflow grid.

4. The Node Properties panel allows you to define settings for the selected node. To view the Node
Properties panel, click a node. The available configuration settings depend on the type of node
you select.

5. The Transition Properties panel allows you to define the settings for the selected transition. To
view the Transition Properties panel, select a transition.

6. The toolbar at the top of the interface allows you to save or revert changes, save or print an image
of your process, and activate or deactivate your workflow.

Nodes
Nodes represent a single unit of work (step) in the advanced workflow. For example, the following
simple workflow has three nodes: Start, Stop, and Update Content.


Advanced workflow offers the following node types:

| Node Type | Description |
|---|---|
| Start Node | Marks the beginning of the process. A Start node is required. |
| Stop Node | Marks the end of the process. A Stop node is required. |
| Text | Allows you to add comments to any part of the advanced workflow diagram. |
| Evaluate Content | Allows you to determine the path of the advanced workflow based on values in the content record. For example, in a purchase request application, you could create rules so that if the amount of the request is under $1000, the workflow follows an "Approved" path, and if the amount is over $1000, the workflow follows an "Escalate to Manager" path. |
| Send Notification | Sends a notification to alert users of the current workflow state or of a task that they need to complete. |
| Update Content | Updates values in content record fields. The Update Content node supports text, numeric, values list, and User/Group fields. |
| User Action | Waits for the user to take an action or make a decision. In a User Action node, action buttons correspond to the outgoing transitions and are displayed in the content record. For example, if you create Approve and Reject transitions out of a User Action node, your users see Approve and Reject buttons in the content record. Note: Action buttons only appear in the content record if the record is in Edit mode. A User Action node can have a task associated with it that appears on the landing screen of the assigned user. The task link takes the user directly to the record, and the lifecycle of that task corresponds to the time spent on the Transition node. |
| Wait for Content Update | Should be used in combination with an Evaluate Content node. If none of the rules in an Evaluate Content node are met, you can configure the default transition to go to the Wait for Content Update node. The Advanced Workflow job stays at the Wait for Content Update node until content is saved by the user or the delay timeout is reached, at which point it reverts back to the Evaluate Content node. |

Workflow vs. Advanced Workflow


Workflow and Advanced Workflow are separate features available in RSA Archer GRC. RSA
strongly advises against simultaneously enrolling records in both features. Enrolling records in both
Workflow and Advanced Workflow at the same time adversely affects record layouts and creates
confusion when identifying when a record has successfully progressed through a workflow.
The following table contains information to help you determine which feature suits your needs best.

Workflow: use if you want to do the following:
• Create a linear content review process within applications, leveled applications, or
  questionnaires.
• Send notifications only after content is updated and saved by a user.
• Enable only user-initiated enrollment options.

Advanced Workflow: use if you want to do the following:
• Create complex non-linear workflow processes within applications, leveled applications, or
  questionnaires.
• Send notifications to multiple users on-demand.
• Enable automatic enrollment for new records, updated records, or user initiated options.
• Visually depict the end-to-end advanced workflow process at the administrator level.
• Designate a specific name for each node to easily identify the intent of each stage in your
  workflow process.
• Create tasks that are linked to the task-driven landing screen of specified users.


Using the Advanced Workflow Interface


This topic provides you with basic information about how to use the Workflow Process Designer
interface. For information on building an end-to-end advanced workflow for your business processes,
see Building Advanced Workflows.

Add a node

1. Go to the Advanced Workflow tab in the application or questionnaire.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Advanced Workflow tab.

2. In the Modeler Toolbox, select the node type that you want to add.

3. Double-click in the grid where you want to place the node.

4. Complete the Node Properties section. For more information on configuring specific node types,
see Step 2 of Building Workflows.

5. Click .

Draw a transition

1. Go to the Advanced Workflow tab in the application or questionnaire.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Advanced Workflow tab.

2. In the grid, click and drag an arrow from one node to another. Make sure that you click the lower
section of the start node (a hand cursor appears).


3. Complete the Transition Properties section:

a. In the Type field, change the transition type if applicable.


By default, most transitions have a default type of Successful, meaning that if the previous
node is completed successfully, the transition is followed. You can also set transitions
coming from a Send Notification or Update Content node to Always Complete, meaning that
the transition is followed regardless of whether the node was completed successfully. For
example, you may not want to stop a workflow job if a notification fails to send, in which
case you would set the transition to Always Complete. Finally, you can use the Error
transition type if you plan to create an error path. For more information, see "Create error
paths" in Troubleshooting Advanced Workflows.

b. In the Name field, enter a name that reflects the transition that is occurring in your business
process.

Note: To assist in troubleshooting, RSA recommends that you choose a unique name that
reflects the stage in your business process that the node represents.

c. In the Looping transition field, select Yes if the transition loops back to a previous node in
the process. For more information, see "Step 3: Create a looping transition" in Building
Advanced Workflows.

4. Click .

Change the viewable area of the grid

1. Click anywhere in the grid.

2. Do any of the following:

• Zoom in or out:
  • Using keyboard shortcuts:
    • To zoom in, press Ctrl+Plus Sign (+)
    • To zoom out, press Ctrl+Minus Sign (-)
  • Use the scroll option on your mouse or touch pad.
• To move the viewable area to the right, press → (or press End to jump all the way to the
  right).
• To move the viewable area to the left, press ← (or press Home to jump all the way to the
  left).
• To move the viewable area up, press ↑ (or press PageUp to jump all the way to the top).
• To move the viewable area down, press ↓ (or press PageDown to jump all the way to the
  bottom).

Move elements in the grid

1. To move the entire process, click the grid, press Ctrl+A to select all of the elements in the
advanced workflow, hover over the top section of a node (a 4-arrow cursor appears) and then
drag them to the preferred position.

2. To move a single node or transition, click the transition or the top section of the node (a 4-arrow
cursor appears) and drag the node or transition into the preferred position.

3. Click .

Delete elements from the workflow

1. Select the node or transition that you want to delete.

Note: You can also press Ctrl+A to select everything in the diagram, or press Shift to select
multiple nodes and transitions.

2. On your keyboard, press Delete.

3. Click Yes to confirm that you want to delete the selected content.

4. Click .

Revert unsaved changes


When you click Revert, the Workflow Process Designer reverts your diagram to the most recently
saved version and discards any unsaved changes.

1. From the top row of the Workflow Process Designer, click .

2. Click Revert.

Print or save an image of the workflow

1. From the top row of the Workflow Process Designer, click .

2. Click Print/Save Image.

3. Do one of the following:

• To print your workflow, select the display settings you want to use, and click Print.
• To save an image of your workflow, right-click the image, and click Save As. Enter a name
  for the image and choose a location, and click Save.

Keyboard shortcuts
If you are using a Mac, use the Command key instead of the Control key as the modifier.

| Key | Description |
|---|---|
| ← ↑ ↓ → (arrow keys) | Moves the viewable area one square at a time, in the direction of the selected arrow. |
| Ctrl+Plus Sign (+) | Zooms in on the entire diagram. |
| Ctrl+Minus Sign (-) | Zooms out on the entire diagram. |
| Ctrl+0 | Resets zoom to the original size. |
| Ctrl+A | Selects all objects (nodes and transitions). |
| Del | Deletes selected objects. |
| Home | Moves the viewable area to the left. |
| End | Moves the viewable area to the right. |
| PageUp (Ctrl+Home) | Moves the viewable area up. |
| PageDown (Ctrl+End) | Moves the viewable area down. |
| Shift-Z | Invokes "zoom to fit"; repeat to return to original position. |

Planning and Deploying Advanced Workflows


Before you start building an advanced workflow in an application or questionnaire, RSA
recommends that you plan out your workflow in advance and consider the following best practices.

Note: If you are planning an update of an existing advanced workflow, see Deploying Updates to
Advanced Workflows.

Overall deployment process


RSA recommends that you approach creating and deploying advanced workflows in three phases:

| Phase | Location | Steps |
|---|---|---|
| Develop | Development environment | 1. Plan your advanced workflow process. See the following sections in this topic. |
| Develop | Development environment | 2. Build the workflow in the application or questionnaire. See Building Advanced Workflows. |
| Test | Development environment | 3. In the application or questionnaire, create several test records, move them through the steps of the workflow, and verify that each action you take in the workflow has the intended result. You can use the Job Troubleshooting tool to see what happens to each job as it progresses through the workflow. For more information on job states and resolving errors, see Troubleshooting Advanced Workflows. |
| Test | Development environment | 4. Package the application or questionnaire. See Creating Packages. |
| Deploy | Production environment | 5. Install the package. See Installing Packages. |
| Deploy | Production environment | 6. Review and activate the workflow. See Activating and Deactivating Advanced Workflows. |
| Deploy | Production environment | 7. Educate your end users on which steps of the workflow they are responsible for. |

Plan your advanced workflow (outside of RSA Archer GRC)


Before you start building an advanced workflow in an application or questionnaire, RSA
recommends that you first plan out the following elements:

Note: You may want to create a swimlane diagram or whiteboard your process.

1. The steps in your process and the nodes you need to accomplish those steps.

2. The transitions between steps.

3. The users and groups who will be involved in the process and what level of access they require
for different steps.

4. For notifications that you plan to send, who should receive the notifications and what content the
notification should contain.

5. For nodes that can use custom layouts, what content you want your users to see.


Prepare prerequisite elements in RSA Archer GRC

1. Create any on-demand notifications templates that your workflow requires.

2. (Optional) Create any custom layouts that you need for User Action or Wait for Content Update
nodes.
If your custom layouts are similar to your default layout, you may find it easier to copy the
default layout and modify the copy.

Note: In order to create additional layouts, you must first turn on advanced workflow in the
application or questionnaire. Go to the Advanced Workflow tab and click Click here to create a
new workflow.

Building Advanced Workflows


Advanced workflows are customizable processes that control the life cycle of a record within an
application or questionnaire. An application or questionnaire can have only one advanced workflow,
and a leveled application can have only one advanced workflow per level. Only RSA Archer
Administrators and Application Owners with access rights to the Advanced Workflow feature can
create advanced workflows.
Before you begin
Plan your advanced workflow.

Step 1: Enable advanced workflow in the application or questionnaire

Note: Users will only be able to complete a step in an advanced workflow to which they are
assigned if they have access rights to the associated records. For information on access roles, see
Access Roles.

1. Go to the Advanced Workflow tab of the application or questionnaire.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Advanced Workflow tab.

2. Click .

3. Determine when and how records are enrolled in the advanced workflow. In the Process
Properties panel, in the Content Enrollment section, select one of the following options:

| Option | Description |
|---|---|
| New Records | Each newly created record is enrolled in the advanced workflow process. |
| Updated Records | Records are enrolled in the advanced workflow after they are updated. |
| User Initiated | A record is enrolled in a workflow only if the user clicks a specific button, which enrolls the record in the advanced workflow. |

• If you selected User Initiated, enter a label for the record enrollment button in the Button Text
  field.
• If you selected Updated Records or User Initiated and you want to allow records to be able to
  go through the workflow more than once, in the Settings section, select Allow Re-enrollment.

4. (Optional) If you plan to use Advanced Workflow to send notifications or create tasks for users,
do the following:

a. Click the General tab.

b. In the Options section, do the following:

a. To enable notifications, select the Notifications checkbox.

b. To enable tasks, select the Task Management checkbox.

Step 2: Add and configure nodes and transitions


A node represents a step in your advanced workflow process. RSA Archer GRC offers different
node types for different types of actions, for example, updating record content or sending
notifications.

Note: With the exception of the Start and Stop nodes, you can add whichever of the following nodes
your business process requires and in any order necessary.

Add a Start node.

1. In the Standard section of the Modeler Toolbox, click Start.

2. In the grid, double-click where you want to place the node.

3. Add the next node in your process, and then connect the two nodes with a transition.


Add an Update Content node.


1. In the General section of the Modeler Toolbox, click Update Content.

2. In the grid, double-click where you want to place the node.

3. (Optional) In the Node Properties panel, in the Name field, enter a name that reflects the step in
your business process that the node represents.

4. To update Text, Numeric, and Values List fields, do the following:


Important: If an Update Content node is configured to set a Values List field, and a data driven
event is also configured to set the same Values List field, the advanced workflow settings take
precedence. Additionally, if you configure the Update Content node to update a Text field, all
text added by a user will be overridden by the advanced workflow settings.

a. In the section for the field type that you want to add, click .

b. From the Field list, select a field.

c. Enter or select a value for the field.

d. (Optional) To add additional fields of the same type, select the Add Another checkbox.

e. Click Add.

f. If you selected to add another field, repeat steps b, c, and e.

5. To update User/Groups fields, do the following:

a. In the User/Groups Fields section, click .

b. From the Field list, select a field.

c. Under the Available section, expand Users or Groups and select the applicable user or group.

Note: You can also use the Find field to search for a specific user or group.

d. (Optional) To add additional fields, select the Add Another checkbox.

e. Click Add.

f. If you selected to add another field, repeat steps b, c, and e.

6. After you have added the next node in your process, draw an outgoing transition from your
Update Content node.

By default, the transition type is Successful. If you want the workflow to always move to the
next node, regardless of whether the content is successfully updated, select Always Complete
instead. If you want to create an error path in your process, see "Create error paths" in
Advanced Workflow Troubleshooting.

7. To validate your workflow and save your changes, click .

Add a Send Notification node.

Important: The Send Notification node requires an on-demand notification template that is
associated with the application or questionnaire in which you are creating an advanced workflow. If
you do not already have an on-demand notification template associated with the application or
questionnaire, you must first create one. For information on notifications, see Notifications.

1. If you have not already enabled notifications for the application or questionnaire, do the
following:

a. Click .

b. Click the General tab.

c. In the Options section, select the Task Management checkbox.

d. Click Apply.

2. (Optional) If you need to navigate away from your advanced workflow to create a notification
template, click to ensure your changes are not lost.

3. If necessary, create an On-Demand notification template. The template should define the subject
and content of the notification that the node generates, as well as who should receive it.

4. In the General section of the Modeler Toolbox, click Send Notification.

5. In the grid, double-click where you want to place the node.

6. (Optional) In the Send Notification section, in the Name field, enter a name that reflects the step
in your business process that the node represents.

7. In the Settings section, select the notification that you want to use.

8. After you have added the next node in your process, draw an outgoing transition from your
Notification node.
By default, the transition type is Successful. If you want the process to always move to the next
node, regardless of whether the notification is successfully delivered, select Always Complete
instead. If you want to create an error path in your process, see "Create error paths" in
Advanced Workflow Troubleshooting.

9. To validate your workflow, and save your changes, click .

Add a User Action node.


The User Action node waits for a user to click an action button in the record and follows the
corresponding transition. For example, you might create two possible transitions out of a User Action
Node: Approve and Reject. When the user clicks either Approve or Reject in the record, that choice
determines which transition to follow.
You can also configure the User Action node to create tasks in the Task Management application
when the node becomes active. When the node is completed, the task displays as completed.

Note: If you plan to use the create tasks option, the application must have at least one user/groups
field.

1. If you plan to create tasks and have not already enabled task management for this application, do
the following:

a. Click .

b. Click the General tab.

c. In the Options section, select the Task Management checkbox.

d. Click Apply.

e. Click the Advanced Workflow tab.

2. In the General section of the Modeler Toolbox, click User Action.

3. In the grid, double-click where you want to place the node.

4. (Optional) In the User Action section, in the Name field, enter a name that reflects the step in
your business process that the node represents.


5. In the Layout section, do one of the following:

• To assign an existing layout, select the layout from the Layouts list.
• To create a new layout, click . For more information, see Adding Additional Layouts.

Note: You cannot add new fields or update existing fields in a layout created from the
Workflow Process Designer. You can only add or remove existing objects to or from the
layout and arrange existing objects. If you wish to modify field attributes or add new fields,
you must create an additional layout from the Layouts tab in the application or questionnaire.

6. If you want the node to create tasks, do the following:

a. In the Tasks section, select the Create Task checkbox.

b. In Assign to Field(s), click .

c. In Due Date, select the field that you want to use from the list.

d. In Subject, choose a subject line for the task. Do either of the following:

• To use the value of an existing field as the subject, select Choose Field, and select the
  field from the list.
• To enter your own subject text, select Enter Text, and enter your text.

e. In Priority, assign a priority level to the task.

f. In Description, provide a description for the task. Do either of the following:

• To use the value of an existing field as the description, select Choose Field, and select the
  field from the list.
• To enter your own descriptive text, select Enter Text, and enter your text.

g. In Resolution, choose a resolution for the task. Do either of the following:

• To use the value of an existing field as the resolution, select Choose Field, and select the
  field from the list.
• To enter your own resolution, select Enter Text, and enter your text.


7. After you have added the next node(s) in your process, add outgoing transitions from your User
Action node. Enter a unique name for each transition, keeping in mind that the name is also used
as the label for the action button that the user sees in the record.
By default, the transition type is Successful. If you want to create an error path in your process,
see "Create error paths" in Advanced Workflow Troubleshooting.

8. To validate your workflow and save your changes, click .

Add an Evaluate Content node.


The Evaluate Content node evaluates the content in the record against transition rules that you create
and follows the matching transition. The node determines which transition to follow based on the
first rule to match, and if there are no matches, follows the default transition.
1. In the General section of the Modeler Toolbox, click Evaluate Content.

2. In the grid, double-click where you want to place the node.

3. (Optional) In the Evaluate Content section, in the Name field, enter a name that reflects the step
in your business process that the node represents.

4. After you have added the next node(s) in your process, add outgoing transitions. Enter a unique
name for each transition.
Important: You must add outgoing transitions before you can define the rules associated with
those transitions.

By default, the transition type is Successful. If you want to create an error path, see "Create
error paths" in Advanced Workflow Troubleshooting.

5. Define the rules to govern which transition the node should take. Do the following:

a. Click the Evaluate Content node, and in the Rules section, click .

b. From the Transition list, select a transition.

c. Click Add Rule.

d. In the General Information section, enter a name and description for the rule.

e. In the Status field, ensure that Active is selected.


f. In the Criteria section, select which field to evaluate, an operator, the value or values to
match, and (if applicable) the relationship to the subsequent row of filter criteria. Each row
represents one set of filter criteria.

g. (Optional) To add additional rows for specifying more filter criteria, click Add New.

Note: The system automatically renumbers the criteria rows, but you may need to modify any
advanced operator logic accordingly.

6. Select a transition for the node to follow if all the rules governing outgoing transitions evaluate
to false. Do one of the following:

• Add a Wait for Content Update node.
  a. Draw a transition from the Evaluate Content node to the new Wait for Content Update node.
  b. Click the Evaluate Content node.
  c. From the Default Transition list, select the transition that you created.
• From the Default Transition list, select an existing transition.

7. To validate your workflow, and save your changes, click .
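
The first-match routing described above, applied to the purchase-request rules from the node types table, modeled in Python as an added example (not RSA Archer code; Rule, EvaluateContent, run_job, unrouted and the Amount field are hypothetical names). It shows that a request of exactly $1000 matches neither rule and falls to the default transition, and that a record which never matches keeps returning to the Wait for Content Update node.

```python
"""Added example: first-match routing of an Evaluate Content node.

Not Archer code. All class, function and field names are hypothetical and
only model the behaviour this guide describes.
"""
import operator
from dataclasses import dataclass

OPERATORS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
             ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

# Name used here for the default transition, which leads to the wait node.
WAIT = "Wait for Content Update"


@dataclass(frozen=True)
class Rule:
    transition: str      # outgoing transition the rule is attached to
    field: str           # record field to evaluate
    op: str              # key into OPERATORS
    value: float
    active: bool = True  # assumption: a rule that is not Active never matches

    def matches(self, record: dict) -> bool:
        if not self.active or self.field not in record:
            return False
        return OPERATORS[self.op](record[self.field], self.value)


@dataclass
class EvaluateContent:
    rules: list              # evaluated in order; the first match wins
    default_transition: str  # followed when no rule matches

    def route(self, record: dict) -> str:
        for rule in self.rules:
            if rule.matches(record):
                return rule.transition
        return self.default_transition


def run_job(node, record, saved_updates, max_passes=5):
    """Return the transitions one job follows out of the Evaluate Content node.

    Each dict in saved_updates is content a user saves while the job waits.
    Once they run out, every further pass models a delay timeout: the record
    is unchanged and is evaluated again. max_passes bounds the simulation,
    because a record that never matches would otherwise cycle indefinitely.
    """
    record = dict(record)
    pending = list(saved_updates)
    path = []
    for _ in range(max_passes):
        transition = node.route(record)
        path.append(transition)
        if transition != WAIT:
            return path
        if pending:
            record.update(pending.pop(0))
    return path


def unrouted(node, samples):
    """Return the sample records that match no rule (boundary-gap check)."""
    return [s for s in samples if node.route(s) == node.default_transition]


# Constructed data: the "under $1000" / "over $1000" rules from the guide.
PURCHASE = EvaluateContent(
    rules=[Rule("Approved", "Amount", "<", 1000),
           Rule("Escalate to Manager", "Amount", ">", 1000)],
    default_transition=WAIT,
)

if __name__ == "__main__":
    for amount in (250, 1000, 5000):
        print(amount, "->", PURCHASE.route({"Amount": amount}))
    print(run_job(PURCHASE, {"Amount": 1000}, [{"Amount": 1200}]))
    print(run_job(PURCHASE, {"Amount": 1000}, [], max_passes=3))
```

Changing one of the two operators to `<=` or `>=` closes the gap at exactly $1000, so no purchase request depends on the default transition.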

Add a Wait for Content Update node.


A Wait for Content Update node is intended to be used with an Evaluate Content node. If none of the
rules in the Evaluate Content node are met, you can configure the default transition to go to a Wait
for Content Update node, and you can assign it a layout that prompts the user to make necessary
updates in the record. The job stays on the Wait for Content Update node until content is saved by
the user or the delay timeout is reached, at which point it reverts back to the Evaluate Content node.


1. In the General section of the Modeler Toolbox, click Wait for Content Update.

2. In the grid, double-click where you want to place the node.

3. (Optional) In the Wait for Content Update section, in the Name field, enter a name that reflects
the step in your business process that the node represents.

4. In the Layout section, do one of the following:

• To assign an existing layout, select the layout from the Layouts list.
• To create a new layout, click . For more information about configuring layouts, see Layouts.

5. In the Delay Timeout section, set the maximum amount of time that should be allowed before the
Wait for Content Update node closes and reverts to the previous node, if the user does not make
edits to and save the content within that time.

6. After you have added the next node(s) in your process, draw an outgoing transition from your
Wait for Content Update node.
By default, the transition type is Successful. If you want the process to always move to the next
node, regardless of whether the content is successfully updated, select Always Complete
instead. If you want to create an error path in your process, see "Create error paths" in
Advanced Workflow Troubleshooting.

7. To validate your workflow, and save your changes, click .

Add a Stop node.

Note: The advanced workflow stops at the last node it finds without any outgoing transitions.
However, RSA recommends using Stop nodes for readability, especially in complex workflows.

1. In the General section of the Modeler Toolbox, click Stop.

2. In the grid, double-click where you want to place the stop node.

3. Draw an incoming transition from the previous node.

4. To validate your workflow, and save your changes, click .

(Optional) Step 3: Create looping transitions


A looping (upstream) transition (indicated by a dashed line) allows you to point back to a node that
has already been processed. This is useful if you have steps in a workflow that need to be repeated.

For example, if a record in an Evaluate Content node does not meet the criteria needed to advance to
the next step in the workflow, you can create a loop that sends the record back to a previous stage so
the user can update the content.

In most cases you do not need to do anything to change a transition into a looping transition. As you
build an advanced workflow, the system attempts to detect loops and automatically convert
transitions to looping transitions as necessary. However, in some cases the system may not detect
that you have drawn a loop, particularly if you delete and redraw a looping transition. In this case,
you need to manually change the transition to a looping transition.
1. Select the transition.

2. In the Transition Properties panel, in the Looping transition field, select Yes.

3. To validate the looping transition and save changes, click .


The transition becomes a dashed line.

Step 4: Activate the workflow


Once you have built your entire workflow and you are ready for records to start being enrolled in the
workflow, you must activate it.
1. At the top of the Workflow Process Designer, click Activate.

2. Click .

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Activating and Deactivating Advanced Workflows


When you activate an advanced workflow, the system begins creating jobs based on the enrollment model
that you selected. When you deactivate a workflow, existing jobs for the application continue to
process, but new jobs are not created.

Note: All advanced workflows installed in a package are installed as inactive and you must activate
them before use.

Activate a workflow

1. Go to the Advanced Workflow tab of the application or questionnaire that contains the workflow
you want to activate.

a. From the menu bar, click .

b. Under Application Builder, select Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Advanced Workflow tab.

2. At the top of the Workflow Process Designer, click Activate.

3. Click .

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deactivate a workflow

1. Go to the Advanced Workflow tab of the application or questionnaire that contains the workflow
you want to deactivate.

a. From the menu bar, click .

b. Under Application Builder, select Applications or Questionnaires.

c. Select the application or questionnaire you want to update.

d. Click the Advanced Workflow tab.

2. At the top of the Workflow Process Designer, click Deactivate.

3. Click .

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deploying Updates to Advanced Workflows


Every time that you save changes to an advanced workflow, the version number of the workflow
process is updated. Only one version of a process can be active at one time. You cannot have
content records with active jobs enrolled in two different versions of the process. If you need to
update an advanced workflow that already has enrolled content with active jobs, follow the process
below.

Deploy an update to an advanced workflow


1. Plan your advanced workflow updates. Depending on how your organization handles updates,
you may either want to plan and prepare all of your changes in a development environment or
plan in advance the changes that you will make in your production environment during the
deployment period.

2. Schedule the deployment and contact end-users.

• Plan to deploy the updated workflow over a scheduled period of time, ideally during off hours
to avoid business disruption.

• Contact your advanced workflow end users and inform them that a new version of the
workflow is going to be deployed, that they should complete all work on their currently
enrolled records, and that no new workflow enrollments will be supported during the
deployment period.

3. Check the Job Troubleshooting tool for any active jobs. If you have active jobs, work with your
end users to determine whether the job can be completed or has to be canceled and the record
recreated later in the updated workflow.

• To complete a job, do either of the following:

  • Have the end user manually move the record through the remaining steps in the workflow.

  • Open the job in the Job Troubleshooting tool and manually complete each remaining node.

• To cancel a job, do the following:

a. From the menu bar, click .

b. Under Advanced Workflow, click Job Troubleshooting.

c. Locate your process, and double-click anywhere in the row to open the associated jobs.

d. Locate the job that you want to delete, and from the menu, select Cancel.

e. Enter an optional comment, and click Cancel Job.

4. Disable all enrollment options for the current version of the workflow process.

5. (Optional) Lock down access or permissions for record creation while you deploy the updated
workflow.
Important: Any new records that are created or existing records that are updated while the
current workflow is turned off cannot be supported in the updated workflow.

6. Once you have confirmed that there are no active jobs, deploy the new workflow.

7. Re-enable the appropriate enrollment options.

8. If you canceled jobs for records that you want to use with the new workflow, create new copies
of those records and start the new workflow.

9. Inform your end users that the updated workflow has been deployed and educate them on the
changes.

Troubleshooting Advanced Workflows

Troubleshoot Workflow Process Designer access errors


You may encounter the following errors when attempting to access the Advanced Workflow tab in
an application or questionnaire.

Error message:

• None - Workflow Process Designer splash screen hangs.

• Advanced workflow HTTP request error: 404 not found.

• The Workflow builder encountered an unexpected error. Please contact your system administrator for more details.

• An error occurred communicating with the server.

• The Advanced Workflow service is unavailable.

Resolution: Check to see if the Advanced Workflow Service is running. If it is not running, start the service.

Troubleshoot workflow validation errors


When you build an advanced workflow and click Save Workflow, the system validates all of your
nodes and transitions and informs you if there are any configuration issues. The following table
explains some of the messages that you may encounter.

| Error type | Error message | Description | Resolution |
| --- | --- | --- | --- |
| General | Advanced Workflow has unsaved changes. Please save or revert. | The advanced workflow must be saved separately from the application or questionnaire that it belongs to. If you save or close the application without saving the workflow, your changes will be lost. | Before you click Save or Apply in the application or navigate away from the page, make sure that you do one of the following: • Click Save Workflow to save any changes in your process. • Click and select Revert to return to your most recent saved version of your process. |
| General | Edits made to this workflow will only apply to records that enter workflow after the changes are saved. The N record(s) that are currently using this workflow will continue to use the previous version of it until they exit workflow. | Changes to a workflow process design cannot be applied to records that were already enrolled in the workflow. For best practices for handling workflow updates, see Deploying Updates to Advanced Workflows. | Select the I understand the implications of performing this operation checkbox, and click OK. |
| General | The workflow does not start with a "Start" node. | A Start node is required. | Add a Start node. |
| General | Node Node Name requires at least one outgoing transition. | All nodes except for a Stop node require at least one outgoing transition. | Add an outgoing transition from the node. |
| General | Node NN: CUST Name is required. | All nodes require a name. This error only displays if you deleted the Name text from a node. | Select the node, and in the Name field, enter text. |
| Evaluate Content node | Node Evaluate Content requires one default transition. | The Evaluate Content node requires that you mark one outgoing transition as the default. If all the rules governing outgoing transitions evaluate to false, the workflow follows the default transition. | Select the Evaluate Content node, and in the Default Transition field, select a transition. |
| Evaluate Content node | Node Evaluate Content: Except for error and default transitions, each outgoing transition must be configured with one rule. | Other than the default transition or transitions marked as an error path, all outgoing transitions from an Evaluate Content node require a rule that defines under which conditions the workflow should follow that path. | Select the Evaluate Content node and add a new rule for each outgoing transition. For steps, see Add an Evaluate Content Node. |
| Send Notification node | Notifications: A notification is required. | The Send Notification node requires that you select an on-demand notification template to use for the notification. Note: If you do not already have an on-demand notification template associated with the application or questionnaire, you must first create one. | Select the Send Notification node, and in the Notification field, select a notification template. |
| Update Content node | The option requires other text. Can't be selected. Note: This error displays in the Add Value dialog box. | Some Values List fields are configured to require that the user enter text in an Other text field if a particular value is selected. Advanced workflow cannot update these values. | Update a different value or configure the value list value not to require Other text. |
| User Action node | Node User Action layout is required. | You must select an existing layout or create a new layout for the User Action node. | Select the User Action node, and in the Layout section, select the layout that you want to use or create a new layout. |
| User Action node | Tasks: Group or Permissions field for assignees is required. | If you want to create a task from a User Action node, you must select either a User/Groups or a Record Permissions field to assign the task to. | Do the following: 1. Select the User Action node, and in the Assigned to field, click +. 2. Select the group or permissions field you want to use, and click Add. |
| User Action node | Tasks: Please select a priority for this task. | If you want to create tasks from a User Action node, Priority is a required field. | Select the User Action node, and in the Priority field, select a value. |
| User Action node | Tasks: Please enter the text for the task subject/task description/task resolution. | In the Subject/Description/Resolution fields, if you select Enter Text, you must enter the text you want to use. | Select the User Action node, and in the Subject/Description/Resolution text field, enter your text. |
| User Action node | Tasks: Please select a field to use for the task subject/task description/task resolution. | In the Subject/Description/Resolution fields, if you select Choose Field, you must select a field to use. | Select the User Action node, and in the Subject/Description/Resolution drop-down field, select the field that you want to use. |
| Wait for Content Update node | Node Wait for Content Update: Layout is required. | You must select an existing layout or create a new layout for the Wait for Content Update node to use. | Select the Wait for Content Update node, and in the Layout section, select the layout that you want to use or create a new layout. |
| Loops | A process loop was detected but none of the transitions within the loop were declared as being upstream. Please make one of the transitions within the loop an upstream transition. | You have created a loop in your workflow process, but none of the transitions in your loop is marked as looping. | Do the following: 1. Select the transition that completes the loop. 2. In the Transition Settings section, from the Looping Transition list, select Yes. 3. Click . When you save, the transition changes to a dashed line. |
| Loops | An upstream transition was found outside of a process loop. Please verify that all upstream transitions are in process loops. | An upstream, or looping, transition is marked by a dashed line and is only necessary when part of a loop in your process. You may see this error if you created a loop and later deleted one of the nodes, leaving a looping transition that is no longer part of a loop. | Ensure that all dashed transitions are part of a loop in your process. |
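
The General, Evaluate Content, and Loops rows of the validation table above amount to structural checks on a directed graph. The following Python sketch is an added illustration, not RSA Archer code: the Transition class, the finding codes, and the sample workflows are constructed for this example, and it assumes that a looping transition counts as part of a loop when its target node can lead back to its source.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    source: str
    target: str
    looping: bool = False   # "Looping transition" set to Yes (drawn dashed)
    default: bool = False   # default transition of an Evaluate Content node
    error: bool = False     # transition type Error
    has_rule: bool = False  # a rule is configured on the transition


def _reachable(adj, start):
    """Every node reachable from start, start included."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(adj[node])
    return seen


def _has_cycle(nodes, edges):
    """Kahn's algorithm: nodes that never reach in-degree 0 sit on or behind a cycle."""
    indeg = {n: 0 for n in nodes}
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
        indeg[dst] += 1
    ready = [n for n, d in indeg.items() if d == 0]
    removed = 0
    while ready:
        node = ready.pop()
        removed += 1
        for nxt in adj[node]:
            indeg[nxt] -= 1
            if indeg[nxt] == 0:
                ready.append(nxt)
    return removed != len(nodes)


def validate(nodes, transitions):
    """nodes maps node name to node type; every transition must reference known nodes.
    Returns a sorted list of (finding code, node or transition)."""
    findings = []
    out = defaultdict(list)
    for t in transitions:
        out[t.source].append(t)

    if "Start" not in nodes.values():          # workflow does not start with a Start node
        findings.append(("NO_START", ""))
    for name, kind in nodes.items():
        if kind != "Stop" and not out[name]:   # requires at least one outgoing transition
            findings.append(("NO_OUTGOING", name))
        if kind == "Evaluate Content":
            if sum(t.default for t in out[name]) != 1:   # requires one default transition
                findings.append(("NO_DEFAULT", name))
            if any(not (t.default or t.error or t.has_rule) for t in out[name]):
                findings.append(("RULE_MISSING", name))

    # Loop rule 1: with looping transitions removed, the remaining graph must be acyclic.
    plain = [(t.source, t.target) for t in transitions if not t.looping]
    if _has_cycle(nodes, plain):
        findings.append(("UNMARKED_LOOP", ""))

    # Loop rule 2: a looping transition u -> v is inside a loop only if v leads back to u.
    adj = defaultdict(list)
    for t in transitions:
        adj[t.source].append(t.target)
    for t in transitions:
        if t.looping and t.source not in _reachable(adj, t.target):
            findings.append(("UPSTREAM_OUTSIDE_LOOP", f"{t.source}->{t.target}"))
    return sorted(findings)


# Constructed sample: Check sends a failing record back to Review over a looping transition.
NODES = {"Start": "Start", "Review": "User Action",
         "Check": "Evaluate Content", "Done": "Stop"}
GOOD = [
    Transition("Start", "Review"),
    Transition("Review", "Check"),
    Transition("Check", "Done", default=True),
    Transition("Check", "Review", looping=True, has_rule=True),
]
# The same loop redrawn without the looping flag.
UNMARKED = GOOD[:3] + [Transition("Check", "Review", has_rule=True)]
# A looping transition left behind after the node that closed the loop was deleted.
STRAY_NODES = {"Start": "Start", "Intake": "User Action",
               "Review": "User Action", "Done": "Stop"}
STRAY = [
    Transition("Start", "Intake"),
    Transition("Start", "Review"),
    Transition("Intake", "Done"),
    Transition("Review", "Intake", looping=True),
]

if __name__ == "__main__":
    for label, n, t in (("good", NODES, GOOD), ("unmarked", NODES, UNMARKED),
                        ("stray", STRAY_NODES, STRAY)):
        print(label, validate(n, t))
```
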

Troubleshoot errors in the enrolled content record


You may encounter the following errors when working in a record that is enrolled in an advanced
workflow.

| Error message | Description | Resolution |
| --- | --- | --- |
| Workflow job failed to start. | Content save fails if the record cannot be enrolled into an advanced workflow for any reason. | Contact your RSA Archer administrator. |
| Cannot enroll content in advanced workflow. The content has already been enrolled and re-enrollment is not allowed for records in this application. | This content record has already been enrolled in advanced workflow and has a job associated with it. The advanced workflow creator has not allowed for records in this application to be re-enrolled in the workflow. | Contact your RSA Archer administrator. |
| There was an error processing this record. Please contact your administrator and tell them this record could not go past the 'Node Name' stage. | The workflow job ran into an error at the Node Name node. | Use the Job Troubleshooting tool to investigate the error. See the "Troubleshooting errors in running workflows" section below for more information. |

Troubleshoot errors in running workflows


If records are running into errors while moving through your workflow, you can open the Job
Troubleshooting tool and look at the individual job details.

1. Open the Job Troubleshooting tool.

a. From the menu bar, click .

b. Under Advanced Workflow, select Job Troubleshooting.

2. Locate your process, and double-click anywhere in that row to open the associated jobs.

Note: If there are no associated jobs, verify that your workflow is active, that you selected a
content enrollment option, and that records have been created in the application or questionnaire.

3. Locate your job (the Reference number is the tracking ID of your content record), and double-
click anywhere in the row to open the detail view. If the job is in an error state, a red error
message displays in the upper-right corner of the grid.

4. Determine where the job got stuck. Locate the last selected (green) node.

Node states

| State | Description | Appearance |
| --- | --- | --- |
| Planned | Downstream from one or more other nodes that have yet to be completed or skipped. All nodes start as planned. It is unknown whether this node will be executed in a particular job. | Dark Gray |
| Selected | Either has no dependencies or all of its dependencies have been resolved and at least one of the transitions leading to this node was selected. The node must now be executed. | Green |
| Complete | Previously selected to be executed and the work that it represents has been completed. | Blue |
| Skipped | The node was downstream from one or more nodes and none of the transitions leading to this node were selected. The node does not need to be executed. | Light Gray |

Transition states

| State | Description | Appearance |
| --- | --- | --- |
| Planned | The transition has not been evaluated. All transitions start as planned. | Dark Gray |
| Selected | The source node of the transition is completed and either: • It is the only outgoing transition from that node. • The criteria for this transition have been met (either a user clicked an Action button for a transition from a User Action node, or a rule evaluated to true for a transition from an Evaluate Content node). | Green |
| Skipped | Either the source node of the transition was skipped or the source node was complete but the transition did not meet its criteria (an action button was not clicked or the rule evaluated to false). | Light Gray |

5. Review any errors:

a. Click anywhere in the grid to display the Job Properties panel.

b. Scroll down to the Errors section.

c. Hover over an error until an icon appears, and click the icon.

d. Note the timestamp of the error message.

6. Check the Advanced Workflow server.log file (located in C:\ArcherFiles\Logging\Workflow) for
more information about the error.

Note: The timestamps of all entries in server.log are in Coordinated Universal Time (UTC). The
timestamps of errors in the Job Troubleshooting tool depend on the time zone of your instance.

7. Depending on which node caused the error, verify the following:

• Evaluate Content node

  • Are the associated rules correct?

  • Did you make any changes to the fields that are being evaluated?

• Send Notification node

  • Is the on-demand notification configured correctly?

  • Are notifications enabled for your instance?

  • Are notifications enabled for the application or questionnaire?

• Update Content node

  • Is the node configured to update at least one field?

  • Did you change the validation on any of the fields being updated? For example, did you
    make a field required that was previously not required?

• User Action node

  • If you chose to create tasks, is Task Management enabled for the application or
    questionnaire?

  • Are all the fields required for Task Management also required in the record?

  • Do the fields that you selected to use for the task subject, description, due date, and
    resolution have values entered in them in the record?

8. Depending on the type of error encountered and your workflow process, determine how you want
to handle the job. You can do any of the following:

| Option | Description | Steps |
| --- | --- | --- |
| Restart the job | Restarts the job from the beginning. Any work previously completed is reset and must be completed again. | 1. From the menu, select Restart. 2. Click Restart Job. |
| Cancel the job | Cancels the job. Use this option if you no longer need the job or plan to recreate the record and trigger a new job. | 1. From the menu, select Cancel. 2. Enter an optional comment, and click Cancel Job. |
| Reset a node | Resets the node as Selected and resets all downstream nodes as Planned. Use if you want to retry the node. | 1. In the grid, select the node. 2. In the Actions section, click Reset. |
| Manually move to the next node | Use this option if you want the job to continue regardless of whether the node completed successfully. For example, you might want to use this option if a notification failed to send. | 1. From the menu, select Activate. 2. In the grid, select the node. 3. In the Actions section, click Change State, and select Complete Work. 4. From the Completion Code list, select the transition that you want to follow. 5. Click Complete Work. |

Create error paths


An error transition out of a node allows you to create a path for a workflow in the case that the node
runs into an error. You may want to create error paths in your workflow if your jobs are running into
the occasional error on a particular node and you want to force the job to continue on through the
workflow instead of stopping. For example, if you have intermittent errors with your mail server, but
do not want the job to stop just because a notification could not be sent, you might create an error
path to allow the workflow to continue to the next node.

1. Add a User Action node to the grid.

2. In the Node Properties panel, in the Name field, type Error.

3. In the Layout section, create and assign a layout that indicates an error.

4. Draw an outgoing transition from the node that is failing to the Error node.

5. In Transition Settings, from the Type list, select Error.

6. Draw an outgoing transition from the error node to the next node in your process.

7. To validate the new transitions and save your changes, click .

8. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Chapter 10: Workflow


The Workflow feature enables you to define a process for moving a record through stages for review
and validation before publishing it to end users. You can create unique workflow processes for any
application, any level in a leveled application, or any questionnaire in RSA Archer GRC for which
you have been assigned ownership rights.
Defining a workflow process involves the following:
• Establishing review and validation stages

• Determining the order to route content

• Assigning designated personnel to each stage

• Configuring content review assignment notifications

After a formal workflow process is defined for an application, records that are subsequently added
or edited are routed through the process. As records move through content review stages, a detailed
history of all content modifications is electronically maintained by person, date, and time. By
default, this history is configured to retain all fields indefinitely. If this history log is configured to
purge its contents, the workflow information could be lost along with other historical information.
Other history log fields could be placed in the application as well.
In leveled applications, workflow processes are configured separately for each level.

Fields added for workflow tasks


When you activate a workflow, several fields are added to the Available Fields list for the
application or questionnaire. RSA Archer GRC uses these fields to manage the workflow feature.
Record permissions still apply for records in workflow process. All users with proper access
privileges can view a record in the workflow process. However, only users that have been assigned
a record in the workflow process can accept or reject it.

| Field | Description |
| --- | --- |
| Workflow Stage | A read-only field used by the system to manage workflow stages. |
| Workflow Comments | A system-managed field that provides access to the workflow discussion forum for individual records. |
| Workflow Assignees | A read-only field used by the system to manage user access to a record that resides in a particular workflow stage. |
| Workflow History | A system-managed field that maintains a change history for each record. All logged entries are retained indefinitely. |

Workflow toolbar options


When a user assigned to a record displays it in the workflow process, the Workflow toolbar is
displayed at the top of the record. This toolbar includes the following options:

| Button | Description |
| --- | --- |
| Accept | Saves any changes made to the record and advances it to the next stage in the workflow process. |
| Reject | Saves any changes made to the record and demotes it to the previous stage in the workflow process. |
| Comment | Opens a discussion forum dedicated exclusively to the current record. This button only displays if the Comments option has been enabled for the workflow stage. |
| Reassign | Enables application owners to reassign the record to a different user. This option is only available to application owners. |
| History | Displays a history log of the record that includes a description of the changes made to the record during the workflow process. All logged entries are retained indefinitely. |

Workflow tasks

• Activating or Inactivating Workflows

• Adding Workflows to Applications

• Adding Workflow Notifications

• Configuring the End Stage of Workflows

• Deleting Workflow Notifications

• Deleting Workflow Stages

• Reordering Workflow Stages

Workflow vs. Advanced Workflow


Workflow and Advanced Workflow are separate features available in RSA Archer GRC. RSA
strongly advises against simultaneously enrolling records in both features. Enrolling records in both
Workflow and Advanced Workflow at the same time adversely affects record layouts and creates
confusion when identifying when a record has successfully progressed through a workflow.
The following table contains information to help you determine which feature suits your needs best.

| Workflow | Advanced Workflow |
| --- | --- |
| Use if you want to do the following: • Create a linear content review process within applications, leveled applications, or questionnaires. • Send notifications only after content is updated and saved by a user. • Enable only user-initiated enrollment options. | Use if you want to do the following: • Create complex non-linear workflow processes within applications, leveled applications, or questionnaires. • Send notifications to multiple users on-demand. • Enable automatic enrollment for new records, updated records, or user initiated options. • Visually depict the end-to-end advanced workflow process at the administrator level. • Designate a specific name for each node to easily identify the intent of each stage in your workflow process. • Create tasks that are linked to the task-driven landing screen of specified users. |

For information about using the Advanced Workflow feature, see Advanced Workflow.

Adding Workflows to Applications or Questionnaires


Adding a workflow to applications and questionnaires enables you to create a process with specific
defined stages that your users must follow.

Note: The information described in this topic is specific to the Workflow feature. For information on
the Advanced Workflow feature, see the Advanced Workflow topic in the RSA Archer GRC Online
Documentation.

Step 1: Add a workflow stage


By default, the workflow includes a start stage and an end stage. You can add and configure one or
more additional workflow stages.

1. Go to the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Workflow tab.

2. Do one of the following:

• If the application is not a leveled application, go to the next step.

• If the application is a leveled application, select the tab of the level for which you want to
configure a workflow process.

3. In the Stages section, click Add New.

4. Do one of the following:

• If you want to create a new workflow stage, select Create a new Stage from scratch.

• If you want to create a workflow stage from an existing workflow stage, select Copy an
existing Stage, and then select the workflow stage from the Available Workflow Stages list.

Note: If no stage has been created before, the system automatically uses Create a new Stage from
scratch.

5. Click OK.

6. In Stage Name field of the Stage Properties section, enter the name of the stage.

7. In the Advanced Stage Properties section, select the assignment model for the workflow.

Assignment model options

| Field | Description |
| --- | --- |
| Round Robin | Randomly assigns records to qualified users. |
| Multiple - Edit Owner | Assigns ownership to the first user to save a record under review. |
| Multiple - Concurrent | Allows any qualified user to accept the record and move it to the next stage. |

8. Do one of the following:

• To enable users to post comments associated with the record, click Content Discussion in
Comments.

• To require users to post a comment when rejecting a record, click Comment on Rejection in
Rejection Reason.

9. In Enrollment Model of the Workflow Options section, select the enrollment model.

• All Records

• New Records Only

• Update Records Only

10. Do one of the following:

• To enroll the original record in the workflow, go to the next step.

• To enroll a copy of the record in the workflow, click Record Version in Create Record Copy.
A copy of the original record becomes part of the workflow process while the original record
is available to users.

11. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Assign default assignees to the workflow

1. In the Stage Properties section, click in Default Assignees to open the selection box.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Workflow tab.

e. In the Stages section, select the stage that you want to configure.

2. In the Available section, do the following:

a. Click Select to open the selection box.

b. In the Available section, double-click a group, user, or field to display it in the Selected
section.

c. Click OK.

Note: To search for a specific user or group, expand the User or Group node and double-
click the value. Your selection is displayed in the Selected column.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 3: Define workflow assignment rules


Assignment rules automatically assign records to users. Multiple rules work cumulatively. This step
is not required. If no records satisfy the criteria, the record is assigned to the default assignees.

1. In the Stages section, select the stage that you want to configure.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Workflow tab.

e. In the Stages section, select the stage that you want to configure.

2. In the Stage Properties section, click Add New in Assignment Criteria of the Rules section.

3. In Name, enter a name for the rule.

4. In Description, enter a description for the rule.

5. In the Criteria section, enter the rule criteria.


Each row represents one set of filter criteria.

| Option | Description |
| --- | --- |
| Field to Evaluate | Specifies values to create a condition by selecting the field to evaluate. |
| Operator | Provides the filter that evaluates the field in the creation of a condition. The available operators depend on the type of field selected in Field to Evaluate. |
| Value(s) | Opens the Record Lookup, which enables users to choose which value or values to add to the condition. |
| Relationship | Connects two or more conditions together. If you add more than one condition, you can apply advanced logic to your search criteria. |
| Actions | Removes all data inputted when is clicked. |
| Advanced Operator Logic | Forms relationships between two or more conditions. |

6. In the Assignment section, select the groups, users, and fields to which records are assigned in
the workflow process:

a. Click Select to open the selection box.

b. In the Available section, double-click a group, user, or field to display it in the Selected
section.

c. Click OK.

Note: To search for a specific user or group, expand the User or Group node and double-
click the value. Your selection is displayed in the Selected column.

7. Click OK.

8. Repeat steps 5 – 7 to add new rules as needed.

9. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.


Adding Workflow Notifications


You can configure the workflow process to automatically send email notifications to users and
groups that are assigned to a record for review. The notifications are sent when a record:
l Is enrolled in the workflow

l Moves to a new stage (except the End stage)

l Is manually reassigned by the application owner

You can configure a workflow notification for any stage in the workflow process and can use the
same notification for multiple stages or create unique notifications for each stage.

Note: The information described in this topic is specific to the Workflow feature. For information on
the Advanced Workflow feature, see the Advanced Workflow topic in the RSA Archer GRC Online
Documentation.

Step 1: Add a workflow notification

1. Go to the Workflow tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application.

d. Click the Workflow tab.

2. Do one of the following:

l If the application is not a leveled application, go to the next step.

l If the application is a leveled application, select the tab of the level for which you want to
configure a workflow process.

3. In the Stages section, select the stage that you want to configure.

4. In the Stage Properties section, click Edit in Notifications.

5. Click Add New.

6. Do one of the following:

l If you want to create a new workflow notification, select Create a new Workflow
Notification from scratch.


l If you want to create a new workflow notification from an existing workflow notification,
select Copy an existing Workflow Notification and select the existing workflow notification
from the list.

7. Click OK.

8. In the General Information section, enter the name and description of the notification.

9. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.

Step 2: Define the design template

1. On the General tab, scroll down to the Template Design section.

2. Do the following:

a. In the Letterhead field, click and select the letterhead you want.

b. In the Body Layout field, click to select the layout for the body of the notification, and
click OK.

c. In the Preview field, verify that the layout you selected is the one you want to use.

l If the layout is what you want to use, go to the next step.

l If the layout is not what you want to use, repeat steps b and c.

3. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.

Step 3: Define the content of the workflow notification


You can define the content of a workflow notification, using both static and dynamic content. Static
content is text that remains the same for every notification, while dynamic content is content that
changes based on the unique parameters.
1. Click the Content tab.

2. Do the following:


a. In the Subject line, enter the text you want to show as the subject of the notification.

Note: You cannot include the following fields in the subject line: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire
Reference, Access History, and History Log.

b. In the Body field, enter the content you want to show in the notification as text or reference
links.

l To enter a field, select the field or template you want for the admin type from the Toolbar
field.

l To enter a report, select the report you want from the Toolbar field.

l To enter a link, select the link you want from the Toolbar field.

3. Click Apply.

Step 4: Define the email properties of the workflow notification

1. Click the Delivery tab.

2. Do the following:

a. In the From Address field, enter the email address from which this notification will be sent.

b. (Optional) In the Alias Field, enter the name you want to use as the sender for the email from
address.

c. (Optional) In the Importance field, select the status you want to associate to this
email: Normal, High, Low.

d. (Optional) In Read Receipt, select whether an acknowledgment is sent after the notification
is opened by the recipient.

l If you want to receive acknowledgment, select Enable Return Receipt.

l If you do not want to receive acknowledgment, select Disable Return Receipt, the
default selection.

3. Click Save.

Activating or Inactivating Workflows


After you have added a workflow, you can activate it by changing the Status field to Active. For
leveled applications, you must activate the workflow process for each level independently.


Note: The information described in this topic is specific to the Workflow feature. For information on
the Advanced Workflow feature, see the Advanced Workflow topic in the RSA Archer GRC Online
Documentation.

Activate a workflow

1. Go to the Workflow tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Workflow tab.

2. Do one of the following:

l If the application is not a leveled application, go to the next step.

l If the application is a leveled application, select the tab of the level for which you want to
configure a workflow process.

3. In the Stages section, click the Start stage.

4. In the Status field of the Workflow Status section, click Active.

5. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.

Inactivate a workflow
To prevent records from entering the workflow process, change the value in the Status field to
Inactive. You cannot inactivate a workflow process if there are records enrolled in any of the
workflow stages.

1. Go to the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.


c. Select the application or questionnaire.

d. Click the Workflow tab.

2. Do one of the following:

l If the application is not a leveled application, go to the next step.

l If the application is a leveled application, select the tab of the level for which you want to
configure a workflow process.

3. In the Stages section, click the Start stage.

4. In the Status field of the Workflow Status section, click Inactive.

5. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.

Configuring the End Stage of Workflows


By default, the workflow includes the end stage.

Note: The information described in this topic is specific to the Workflow feature. For information on
the Advanced Workflow feature, see the Advanced Workflow topic in the RSA Archer GRC Online
Documentation.

Configure the workflow end stage

1. Go to the Workflow tab of the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Workflow tab.

2. Do one of the following:


l If the application is not a leveled application, go to the next step.

l If the application is a leveled application, select the tab of the level for which you want to
configure a workflow process.

3. In the Stages section, click the End stage.

4. In Completed Status Name, enter a name to associate with complete records.

5. In Completed Record Access, select the access level of records that have completed the
workflow process.

Completed Record Access options

Field Description

Standard Removes any access restrictions imposed during workflow. To use this option, the
application must have a Record Permissions field.

Public Enables all users to access records that are released from workflow.

Private Enables you to grant access to selected users or groups when records are released
from workflow.

6. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.

Deleting Workflow Notifications


Complete this task to delete a workflow notification when it is no longer valid.

Note: The information described in this topic is specific to the Workflow feature. For information on
the Advanced Workflow feature, see the Advanced Workflow topic in the RSA Archer GRC Online
Documentation.

Delete a workflow notification

1. Go to the application or questionnaire in which you want to delete a workflow notification.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.


c. Select the application or questionnaire.

d. Click the Workflow tab.

2. Do one of the following:

l If the application is not a leveled application, go to the next step.

l If the application is a leveled application, select the tab of the level for which you want to
configure a workflow process.

3. In the Stages section, select the stage that you want to configure.

4. In the Stage Properties section, click Edit in Notifications.

5. Click the row of the notification that you want to delete.

6. Click for that notification.

7. Click OK to confirm the delete.

Deleting Workflow Stages


Complete this task to delete a workflow stage if there are no records currently enrolled in it.

Note: The information described in this topic is specific to the Workflow feature. For information on
the Advanced Workflow feature, see the Advanced Workflow topic in the RSA Archer GRC Online
Documentation.

Delete a workflow stage

1. Go to the application or questionnaire in which you want to delete a workflow stage.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Workflow tab.

2. Do one of the following:

l If the application is not a leveled application, go to the next step.

l If the application is a leveled application, select the tab of the level for which you want to
configure a workflow process.


3. In the Stages section, select the stage that you want to delete.

4. Click in the Stage.

5. Click OK at the confirmation.

6. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.

Reordering Workflow Stages


Complete this task to change the order of stages in a workflow process at any time, even while
records are currently enrolled in the workflow process.

Note: The information described in this topic is specific to the Workflow feature. For information on
the Advanced Workflow feature, see the Advanced Workflow topic in the RSA Archer GRC Online
Documentation.

Reorder a workflow stage in a workflow

1. Go to the application or questionnaire that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications or Questionnaires.

c. Select the application or questionnaire.

d. Click the Workflow tab.

2. If the application is leveled, select the tab for the level for which you want to configure a
workflow process.

3. In the Stages section, select the stage that you want to reorder.

4. Drag the stage to the location you want.

5. Click Save or Apply.


l Click Save to save and exit.

l Click Apply to apply the changes and continue working.


Chapter 11: Offline Access


Offline access enables Audit Management users to conduct audits offline on a laptop. Offline access
is available with an active Audit Management license and is configurable for each instance. You
must enable offline access in the RSA Archer Control Panel. For a complete list of requirements,
see Installing Offline Access.
As an administrator, you select the application or questionnaire that is eligible for offline access.
What you select determines which records an offline access user can select for offline use. All data,
including cross-referenced and related records, for the specified records download to the offline
access database and are available for offline use on a laptop.

RSA Archer GRC features not supported for offline access

l Application Builder

l Data Feeds

l Data Publications

l Data Imports

l Discussion Forums

l LDAP Synchronization

l Notifications

l Packaging

l Training and Awareness

l User Preferences

Note: Records from a retired application are not supported in offline access. You can view User
Preferences, but you cannot edit them in offline access.

Use the Offline Access Gateway to select the application or questionnaire that will have offline
access for RSA Archer GRC. After you determine which application or questionnaire you want for
offline access, you can then manage the records in the offline access library.

Configuring Offline Access Gateway


The Manage Offline Access Gateway page contains a list of applications and questionnaires. You
must select the application or questionnaire that is eligible for offline access. RSA does not
recommend selecting an application enabled for Workflow or Advanced Workflow. Application and
Questionnaire records are Read Only in offline access.


You can reconfigure the offline access gateway at any time. The records already used in an offline
access session are synchronized with RSA Archer GRC data the next time the offline access user
performs a synchronization. The offline access user can then select the new records eligible for
offline use.

Process of selecting an application for offline access

You can also configure the offline access gateway to prevent downloading unnecessary applications
and questionnaires that may be referenced by the selected gateway application or questionnaire.


Process of selecting referenced items for exclusion

Configure the offline access gateway

1. Go to the Manage Offline Access Gateway page.

a. From the menu bar, click .

b. Under Offline Access, click Offline Access Gateway.

2. Do one of the following under the Gateway Application tab:

l Click the Applications tab, and select the application for offline access availability.

l Click the Questionnaires tab, and select the questionnaire for offline access availability.

3. (Optional) On the Excluded Applications / Questionnaires tab, select any referenced applications
or questionnaires that you want to exclude from offline access availability.

4. Click Save.

Offline Access Library


The Offline Access Library contains the specified records from the application or questionnaire
designated in Manage Offline Access Gateway. The Offline Access Library is unique for each user
and contains only the records to which that user has permissions. Use the Offline Access Library to
manage the records that are downloaded to and worked in offline access.


When a record is enabled for offline access, all supporting data, including cross-referenced and
related records, for that record is also synchronized. RSA Archer GRC searches all applications or
questionnaires for any cross-referenced and related records. Menus for synchronization and support
are provided for the Offline Access Library.

Process for including supporting data

Record states in the library

Record State     Description

Strike-through   Records synced with offline access and being removed in the next sync.

Bold             New records that will be synced with offline access in the next sync.

Regular text     Records synced with offline access in the next sync.

You can refresh the records in the Offline Access Library by populating the Offline Access Library.
You can remove records from the library by clicking , which is displayed next to each record.
Records are removed from the Offline Access Library only.


Menu options for offline access library

The Offline Access Library includes a menu bar with the following functions:
l Start Sync

l Reset Password

The menu option for syncing records changes based on the record state.

Menu Option         Description

Start Sync          Initial state. Records are ready for synchronization.

Resolve Conflicts   Becomes available when conflicts exist between the offline access data and the RSA
                    Archer GRC data. In addition, if there are any updates to the application, these
                    changes are also validated.

Restart Sync        Becomes available when conflicts are resolved so that synchronization can continue.

Populate the offline access library

1. Go to the search results of the designated application or questionnaire.

a. From the menu bar, click the Audit Management menu.

b. Click the application or questionnaire that matches your Offline Access gateway.

c. Click and then run a search without adding any additional search
criteria.

2. On the Search Results page, click Options and select Enable Offline Library.

3. Select the records that you want to add to the Offline Access Library.

4. Click .

5. Verify that the specified records appear in the Offline Access Library.

Remove records from the offline access library

1. From the User menu, click Offline Access Library.

2. Click next to the record that you want to remove.


Any records synchronized to offline access appear with a strike-through. The next sync removes
these records from offline access. Records that are not synced are removed from the library.

Resetting Your Offline Access Password


You are assigned a one-time password for logging on to Offline Access. This password is displayed
for a few minutes.

Reset your offline access password


To complete this task, make sure the laptop running offline access is available and you are logged in
to RSA Archer GRC.
1. From the User menu, click Offline Access Library.

2. Click Reset Password.

3. Do one or both of the following one step at a time:

l Click Copy to Clipboard to copy your user name and paste it into the offline access login.

l Click Copy to Clipboard to copy the one-time password and paste it into the offline access
login.

4. Click OK.

5. At User Login on the laptop, click OK.

6. Do the following:

a. Enter your current password (one-time password).

b. Enter a new password.

c. Retype your new password.

7. Click Submit.

Resolving Online Access Conflicts


Conflicts are detected while synchronizing Offline Access with RSA Archer GRC. Record and
Save Validation are types of conflicts you may encounter. The cause of a conflict may vary. Some
conflicts occur during the save validation process when field values are validated. For example, a
required field is missing data or does not have the proper value. Other conflicts occur when a record
is updated in offline access and the same record is updated with different values in RSA Archer
GRC.


You can resolve conflicts at any time, but they must be resolved before the synchronization can
complete. Offline access is not available until all conflicts are resolved. You can delete an
unresolved offline access record. This action only deletes the record from conflict resolution. The
values entered offline are not saved.

Conflict conditions

l An RSA Archer GRC administrator updated an application that impacts the records in offline
access. For example, made a field required or changed a values list.

l Required data is missing from the record being uploaded from offline access.

l A record that is being worked offline is also updated in RSA Archer GRC with different values.

Stepped process for resolving conflicts

1. From the User menu, click Offline Access Library.

2. Click Start Sync.

3. Resolve the conflicts.

4. Restart the sync.

Resolving offline access conflict process


You resolve conflicts from the Offline Access Unresolved Records page in RSA Archer GRC. This
page contains a list of the records that have record conflicts or save validation conflicts.

Conflict resolution for a record

The following illustration shows a high-level view of record conflict resolution:


Save validation resolution

The following illustration shows a high-level view of the save validation resolution:


The process for resolving record conflicts differs from the process for save validation conflicts.
l For record conflicts, you use the Conflict Resolution page, and specify which field values you
want to keep or discard.

l For save validation conflicts, you use the record details page to update the field values.

When you resolve either conflict, you return to the Offline Access Unresolved Records page. All
conflicts must be resolved to complete the synchronization. Offline access is not available until all
conflicts are resolved.
If the reason that caused the conflict no longer exists, a message is displayed informing you that the
record is no longer in conflict and no further action is required. Click OK to continue.

Use the following tasks to resolve offline access conflicts:


Resolve offline access record conflicts


All conflicts must be resolved before you can continue working offline.
1. In offline access, click Resolve Conflicts.
The Offline Access Unresolved Records page opens with the conflicts listed.

2. Click the record that you want to resolve.

3. In Resolution, do one of the following:

l To keep the offline access values, select Keep my changes and discard the changes from the
other processes. Continue at step 6.

l To discard the offline access values, select Discard my changes and keep the changes from
the other processes. Continue at step 6.

l To manually select which values to keep, select Let me choose which changes to keep and
which changes to discard. Continue at the next step.

4. In Conflicts, click the values you want to keep in either the Your Value or System Value
column.

5. Click OK.

6. Repeat steps 2 – 6 until all conflicts are resolved.

7. Click Offline Access Library.

8. Click Restart Sync.

Resolve offline access save validation conflicts


If this condition exists, a warning message is displayed showing a list of fields that must be
corrected.
You must update the record with the required information to resolve the conflict. All conflicts must
be resolved before you can continue working offline.
1. In offline access, click Resolve Conflicts.
The Offline Access Unresolved Records page opens with the conflicts listed.

2. Click the record that you want to resolve, and a warning message displays with a list of the
fields that require resolution.

3. Click OK.

4. Update the record with the necessary information for each field.


5. Click Save.

6. Repeat steps 2 – 5 until all conflicts are resolved.

7. Click Offline Access Library and click Restart Sync.
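
The two conflict types and the three Resolution choices described above can be modeled as a three-way comparison against the values from the last sync. This is an added example, not RSA Archer code: the last-sync snapshot, the field names, the sample records, and the rule that non-conflicting offline edits always upload are assumptions.

```python
"""Simplified model of the offline-sync conflict checks described above.

Added example: not RSA Archer code. Field names, record data and the
comparison against a last-sync snapshot are assumptions.
"""
from dataclasses import dataclass

EMPTY = (None, "", [])


@dataclass
class OfflineRecord:
    record_id: int
    base: dict     # values as of the last successful sync (assumed snapshot)
    offline: dict  # values edited on the laptop
    server: dict   # values currently held by the platform


def record_conflicts(rec):
    """Fields changed on both sides since the last sync, to different values."""
    found = {}
    for name in sorted(set(rec.offline) | set(rec.server)):
        base = rec.base.get(name)
        mine, system = rec.offline.get(name), rec.server.get(name)
        if mine != base and system != base and mine != system:
            found[name] = (mine, system)  # (Your Value, System Value)
    return found


def upload_view(rec):
    """Server values overlaid with the fields the offline user actually edited."""
    merged = dict(rec.server)
    for name, mine in rec.offline.items():
        if mine != rec.base.get(name):
            merged[name] = mine
    return merged


def save_validation_conflicts(values, required, allowed):
    """Fields failing validation: required but empty, or outside the values list."""
    bad = [name for name in sorted(required) if values.get(name) in EMPTY]
    for name in sorted(allowed):
        value = values.get(name)
        if value not in EMPTY and value not in allowed[name] and name not in bad:
            bad.append(name)
    return bad


def resolve(rec, strategy, picks=None):
    """Apply one of the three Resolution choices to a record conflict."""
    merged = upload_view(rec)
    for name, (mine, system) in record_conflicts(rec).items():
        if strategy == "keep_mine":        # keep my changes, discard the others
            merged[name] = mine
        elif strategy == "discard_mine":   # discard my changes, keep the others
            merged[name] = system
        elif strategy == "choose":         # pick Your Value or System Value per field
            side = (picks or {}).get(name)
            if side not in ("mine", "system"):
                raise ValueError(f"no choice made for conflicting field {name!r}")
            merged[name] = mine if side == "mine" else system
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return merged


def unresolved_records(records, required, allowed):
    """Map record_id -> (conflict type, fields); sync completes only when empty."""
    pending = {}
    for rec in records:
        fields = sorted(record_conflicts(rec))
        if fields:
            pending[rec.record_id] = ("record", fields)
            continue
        fields = save_validation_conflicts(upload_view(rec), required, allowed)
        if fields:
            pending[rec.record_id] = ("save_validation", fields)
    return pending


# Constructed sample data. After the last sync an administrator made
# remediation_date required and removed "Informational" from the values list.
REQUIRED = {"status", "remediation_date"}
ALLOWED = {"severity": ("Low", "Medium", "High")}
SAMPLE = [
    OfflineRecord(1,  # edited on both sides with different values
        base={"status": "Open", "severity": "Medium", "remediation_date": "2016-03-01"},
        offline={"status": "Closed", "severity": "Medium", "remediation_date": "2016-03-01"},
        server={"status": "In Review", "severity": "High", "remediation_date": "2016-03-01"}),
    OfflineRecord(2,  # newly required field has no data
        base={"status": "Open", "severity": "Low"},
        offline={"status": "Closed", "severity": "Low"},
        server={"status": "Open", "severity": "Low"}),
    OfflineRecord(3,  # value no longer in the values list
        base={"status": "Open", "severity": "Informational", "remediation_date": "2016-04-15"},
        offline={"status": "Closed", "severity": "Informational", "remediation_date": "2016-04-15"},
        server={"status": "Open", "severity": "Informational", "remediation_date": "2016-04-15"}),
    OfflineRecord(4,  # clean offline edit, uploads without a conflict
        base={"status": "Open", "severity": "High", "remediation_date": "2016-02-01"},
        offline={"status": "Closed", "severity": "High", "remediation_date": "2016-02-01"},
        server={"status": "Open", "severity": "High", "remediation_date": "2016-02-01"}),
]

if __name__ == "__main__":
    for rid, (kind, fields) in unresolved_records(SAMPLE, REQUIRED, ALLOWED).items():
        print(f"record {rid}: {kind} conflict on {', '.join(fields)}")
```
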

Delete unresolved offline access records


This action only deletes the record from conflict resolution. The values entered offline are not saved.

1. Go to the Conflict Resolution page.

a. Click Offline Access Library.

b. Click Resolve Conflicts.

2. Click the checkbox for each record that you want to delete.

3. Click .

Synchronizing Offline Access Records


Synchronizations are started from the Offline Access Library page of RSA Archer GRC. Before
synchronizing, start the Distributed Transaction Coordinator service on the laptop running offline
access.
Synchronizing offline access to RSA Archer GRC is required:
l The first time you run offline access after installation.

l After purging offline access data.

l To update GRC Platform and offline access with new or updated records.

When a record is enabled for offline access, all supporting data, including cross-referenced or
related records, for that record is also synchronized. Records from a retired application are not
synchronized. Records in an application enabled for Workflow or Advanced Workflow are read only
in offline access.

Important: Appointment details are synchronized in offline access and can be updated while
working offline, but when the data is resynchronized with GRC Platform the relationships between
the parent and resource applications are not saved. You must re-edit these appointment details to
reestablish these relationships.


Synchronization process

Offline access synchronization requires a stable connection to the RSA Archer GRC. If the
connection is lost, the synchronization will fail. You cannot synchronize if the offline access version
does not match the RSA Archer GRC version.
The initial synchronization downloads all records and any supporting data from the Offline Access
Library. If applicable, this process initializes an index rebuild for keyword search that can consume
significant resources.
Subsequent synchronizations ensure that the offline access data is synchronized with the RSA
Archer GRC data. During this synchronization, offline access data uploads to the RSA Archer
GRC, and then any updated (new and existing) records in the Offline Access Library download to
offline access. If data is missing, or does not match the parent record, a conflict is created during the
synchronization. You can resolve conflicts at any time from the Offline Access Library, but must
resolve them before the synchronization can successfully complete.
RSA Archer GRC includes special synchronization options controlled by security parameters to
ensure offline data is synchronized regularly. These options are the following:
l Sync Reminder. If the Sync Reminder option is set and the specified conditions are met, an alert
prompts you to synchronize the offline data with the GRC Platform. You can continue working in
offline access.

l Force Sync. If the Force Sync option is set and the specified conditions are met, you must
synchronize offline access with the GRC Platform. You cannot open offline access until a sync
successfully completes.

l Purge Data. If the Purge Data option is set and you have not synchronized within the specified
time frame, you will be forced to purge all offline access data upon login and run an initial
synchronization. Offline access is not available until all data is purged and until the initial sync is
completed.

Run the initial offline access synchronization


If an initial sync is required, you are prompted to run it. This process requires a stable connection to
the GRC Platform and takes several minutes.
If applicable, this process initializes an index rebuild for keyword search that can consume
significant resources.
1. From the User menu, click Offline Access Library.

2. Click Start Sync.

3. In offline access, click Continue.

Run a forced offline access synchronization


Complete this task when prompted. When a forced synchronization is required, you cannot start
offline access until the synchronization completes. Your administrator determines whether this
option is required.

Note: This task requires a connection with the GRC Platform and takes several minutes.

1. From the User menu, click Offline Access Library.

2. Click Start Sync.

3. In offline access, click Continue.

Synchronize offline access


Synchronizing requires a stable connection to the GRC Platform. You run all synchronizations from
the Offline Access Library.
1. From the User menu, click Offline Access Library.

2. Click Start Sync.

3. Wait until the process completes.


If there is missing data or data that does not match the parent record, a conflict is created during
synchronization. You can resolve conflicts at any time from the Offline Access Library, but must
resolve them before the synchronization can successfully complete.


Offline Access Mode


Offline access enables you to conduct audits offline on a laptop. Working in offline access does not
require a connection to RSA Archer GRC. You can add and update records just as if you were
working directly in RSA Archer GRC. Data is stored in a local database on the laptop and then
synchronized to RSA Archer GRC later.
Before using offline access, start the Distributed Transaction Coordinator service on the laptop
running offline access, and synchronize offline access with RSA Archer GRC. Synchronization
requires a stable connection to RSA Archer GRC. When you finish working offline, you must
synchronize offline access with RSA Archer GRC.

Note: Records from a retired application are not supported in offline access. User Preferences are
honored, but you cannot edit them in offline access.

Offline access utility


Offline access includes a utility that runs from the system tray app. This utility and all supporting
applications automatically install during the offline access installation. The Offline Access utility
acts as the gateway between offline access and RSA Archer GRC.
In addition to this utility, all data and related records of the specified records from the Offline
Access Library download to the local database.
In addition to starting offline access, the Offline Access utility facilitates the following:
l Purging Data in Offline Access

l Working Offline

Logging In to Offline Access


All users must create an offline access password. Single sign-on logins are not available in offline
access.
l If your RSA Archer GRC account uses single sign-on, use the user name and one-time password
presented at login to create an offline access password.

l If your RSA Archer GRC account does not use single sign-on, log in to offline access using your
RSA Archer GRC user name and password.


Important: System administrators who use RSA Archer GRC offline automatically convert to a
general user status and are granted sufficient access rights in the permissions tables. Any change to
either content or meta data that occurs during offline access produces a conflict between offline and
RSA Archer GRC. To resolve a content conflict, you must use the Resolve Offline Access Conflict
process. To resolve a meta data conflict, such as a deleted dashboard or iView, you must purge data
from offline access.

Only one user can log in to offline access from the same laptop--one user, one RSA Archer GRC
instance, and one device.

Offline access user configuration

Login requirements
Upon login, offline access checks your user account for the appropriate credentials. Enter the
following:
l User name and password

l RSA Archer GRC instance name

l RSA Archer GRC Base URL

If any of these elements do not match, a validation message appears informing you that your user
account is invalid. Verify that you have correctly logged in to both RSA Archer GRC and offline
access.

Log in to offline access - no SSO


This login requires the same login credentials as RSA Archer GRC.


1. On the desktop, double-click the RSA Offline Access icon.

2. Enter the following information:

   • Username
   • Domain (optional)
   • Password

3. Click OK.

Log in to offline access - SSO

1. Go to the Offline Access Library page.

a. From the menu bar, click the User menu.

b. Click Offline Access Library.

2. Click Reset Password.


A one-time temporary password is provided for logging in to offline access.

3. Do one or both of the following:

   • Click Copy to Clipboard to copy your user name and paste it into the offline access login.
   • Click Copy to Clipboard to copy the one-time password and paste it into the offline access
     login.

4. Click OK.

5. At the User Login page, click OK.

6. Enter the following:

   • Current Password (one-time password)
   • New Password
   • Retype Password

7. Click Submit.


Installing Offline Access


The installation process for Offline Access is separate from the RSA Archer GRC installation. To
install Offline Access, use the installation wizard, which guides you through the process.

Note: Currently, only the RSA Archer Audit Management solution supports Offline Access.

Preparing for Offline Access Installation

Before installing offline access, your system must meet the following requirements:

Component | Requirement
Operating System | Windows 7 64-bit
Memory | 8 GB RAM
Disk Space | 100 GB Hard Drive
Additional Software | Microsoft .NET Framework 4.5

Important: Microsoft Sync Framework 2.1 is required and must be installed on the Services server.
For more information, see the Pre-Installation section of the RSA Archer GRC Installation Guide.

By default, the offline access data is stored on the local computer at
C:\Users\[username]\AppData\Roaming\RSA Archer\Offline Access\. Isolating the offline access data
ensures that each offline access user has their own environment for working offline. For example,
when a user purges offline access data, only the offline access data of that user is purged.

Anti-virus and firewall applications may interfere with Offline Access run-time activities. You must
add the Offline Access installation file as a trusted file/process/installer/updater for any anti-virus
and firewall applications that may interfere with the installation.

Before running offline access, start the Distributed Transaction Coordinator service on the laptop
using offline access, and synchronize offline access with RSA Archer GRC.

Install Offline Access


The offline access version must always match the RSA Archer GRC version.

Important: You must have administrator rights to install offline access. If you are upgrading offline
access, close the Offline Access utility before starting the installation.

1. Contact your IT Administrator to obtain the Offline Access installation file.


The IT Administrator downloads the Offline Access installation file from the RSA site and can
provide it to you or auto-deploy the file through a software management system.


2. Double-click the Offline Access installation file.

3. On the RSA Archer Offline - InstallShield Wizard page, click Next.

4. Read the license agreement, select I accept the terms in the license agreement, and click
Next.

5. Do one of the following:

   • To accept the default installation folder, click Next.
   • To designate a different installation folder, click Change and specify the path to the folder
     where you want to install offline access.

6. Click Install. This process takes several minutes.

7. Click Finish to complete the installation.

8. Add the following Offline Access files as trusted processes for any anti-virus and firewall
applications:

File or Process | Default Location
Archer.Offline.Tools.Controller.exe | C:\Program Files\RSA Archer\Offline Access
Archer.Services.Queuing.exe | C:\Program Files\RSA Archer\Offline Access\services
ArcherTech.JobFramework.Cache.exe | C:\Program Files\RSA Archer\Offline Access\services
ArcherTech.JobFramework.Host.exe | C:\Program Files\RSA Archer\Offline Access\services
ArcherTech.JobFramework.Job.exe | C:\Program Files\RSA Archer\Offline Access\services
iisexpress.exe | C:\Program Files\IIS Express
sqlservr.exe | C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe
SqlLocalDB.exe | C:\Program Files\Microsoft SQL Server\110\Tools\Binn\SqlLocalDB.exe

Purging Data in Offline Access


You can remove offline access data permanently by either a forced or manual purge. Complete
either process from offline access using the Purge option of the offline access utility.


Purge | Description
Forced | A forced purge is controlled through the Purge Data option in security parameters to ensure that data is purged under ordered conditions. If you have not synchronized within the specified time frame, you will be forced to purge all offline access data upon login and to run an initial synchronization. Offline access is not available until all data is purged and until the initial synchronization is complete.
Manual | A manual purge is initiated by you to remove all offline access data permanently from the laptop. If you want to continue working offline, you must run an initial synchronization. Use the manual purge when:
   • Moving from one environment to another, for example, test to production.
   • Using a different RSA Archer GRC instance.
   • Using a different laptop.

Purge offline access data


1. On the taskbar, right-click the RSA icon.

2. Click Tools.

3. At the prompt, click Purge.

4. Run an initial synchronization.

Working Offline
While working offline, you can use the Offline access utility to open the logs created while working
offline and to exit offline access.

Open offline access logs


Offline access includes logs that help you troubleshoot processes. By default, the log files are stored
at C:\Program Data\RSA Archer\Offline Access\Logs.
1. Click the RSA icon on the computer taskbar.

2. Click Tools.

3. Click Open Logs.

Exit offline access

1. On the taskbar, right-click the RSA icon.


2. Click Exit.


Chapter 12: User Access


Access control provides a framework for maintaining users, roles, and security parameters, and for
assigning access rights at the system, application, record, and field levels.
• User accounts allow users to log on to RSA Archer GRC.
• User groups provide a means of grouping users based on organizational structure or geographic
  locations.
• Access roles are collections of application-level and page-level rights that an administrator can
  create and assign to any number of users and groups to control user privileges (create, read,
  update, and delete).
• Security parameters are rules for controlling user access to RSA Archer GRC and its individual
  pages.
• LDAP synchronization streamlines the administration of users and groups by allowing updates and
  changes that were made in the LDAP server to be automatically reflected in RSA Archer GRC.

Entity permissions
RSA Archer GRC supports user permissions on a number of system components. RSA recommends
that you grant permissions to only the users that need to access these components. When granting
permissions to these components, RSA recommends that you do not select the Everyone group
because that group grants rights for all users. Additionally, RSA recommends that you review the
granted permissions on a routine basis to ensure that the correct access is granted to the users.

Component | Permissions Explanation
Workspaces, Dashboards, Global iViews | Configured from the Access tab in a workspace or dashboard. RSA recommends that you configure these components to be private.
Global Reports | Configured when you save a report. RSA recommends that you set the Permissions field to Global Report.
Record Permissions | Configured in a Record Permissions field in an application or questionnaire.
Field Permissions | Configured in the Access tab in a field in an application or questionnaire. RSA recommends that you configure fields to be private.
Application Owners, Questionnaire Owners, Sub-Form Owners | Configured in Application Builder for the assigned applications, questionnaires, or sub-forms owners.
Global Report Administrators | Configured in Application Builder for the assigned report owners in a specific application or questionnaire.
Discussion Forum Roles | Configured in Discussion Forums. Discussion forum roles provide administration and forum creation rights for specific discussion communities.

Security considerations for user access


RSA recommends that you instruct your users to do the following:
• Never give their passwords to anyone, not even to Help Desk administrators.
• Change their passwords at regular intervals.
• Inform your users of what information requests to expect from Help Desk administrators.
• Always log off from the RSA Archer GRC web interface when finished.
• Always lock their desktops when they step away from their computers.
• Regularly close their browser and clear their cache of data.

Note: RSA recommends that you conduct regular training to communicate this guidance to users.

It is important to have well-defined policies around Help Desk procedures for your RSA Archer
GRC installation. RSA strongly recommends that your Help Desk administrators understand the
importance of password strength and the sensitivity of data, such as user logon names and
passwords. Fraudsters frequently use social engineering attacks to trick unsuspecting employees or
individuals into divulging sensitive data that can be used to gain access to protected systems.
Creating an environment where an end user is frequently asked for this kind of sensitive data
increases the opportunity for social engineering attacks. Train end users to provide—and Help Desk
administrators to request—the least amount of information needed in each situation.
RSA recommends that you use the following guidelines to help reduce the likelihood of a successful
social engineering attack:


• If Help Desk administrators need to initiate contact with a user, they should not request any user
  information. Instead, users should be instructed to call the Help Desk back at a well-known Help
  Desk telephone number to ensure that the original request is legitimate.
• The Help Desk telephone number should be well known to all users.
• Help Desk administrators should ask only for the user name of the user over the phone when the
  user calls the Help Desk. Help Desk administrators should never ask for user passwords.
• Help Desk administrators should authenticate the user's identity before performing any
  administrative action on a user's behalf. RSA recommends that you verify user identity using the
  following methods:
   • Call the user back on a phone owned by the organization and on a number that is already stored
     in the system.
     Important: Be careful when using mobile phones for identity confirmation, even if they are
     owned by the company, because mobile phone numbers are often stored in locations that are
     vulnerable to tampering or social engineering.
   • Send the user an email to a company email address. If possible, use encrypted email.
   • Work with the manager of the employee to verify the user identity.
   • Verify the identity in person.
   • Use multiple open-ended questions from employee records. For example: "Name one person in
     your group." or "What is your badge number?" Avoid yes or no questions.

User Accounts
Each RSA Archer GRC user must have an account to log on to the system. When adding a user,
consider the following:
• Will the user be notified of password information?
• Will the user be forced to change the password at next log in?
• Does the user speak a language different from the default language?
• Does the user require a specific security parameter?
• What groups should the user be enrolled in, and which access roles should be assigned to the user
  account?


Important: RSA strongly recommends that you ensure that users are approved for logging on to the
system before you create an account for them. Even when users are approved, RSA recommends
that you only assign the minimum set of access permissions that enable the users to perform their
job.

New user account with system administrator privileges


RSA recommends that you create a new user account and assign the System Administrator access
role to it. This access role grants the account all rights within RSA Archer GRC.
For instructions on creating a new user account, see Adding User Accounts. For instructions on
assigning access roles to an account, see Assigning Access Role to Users.

Important: RSA recommends that before issuing this account, you ensure that the user is approved
for full access to the system.

User account passwords


All new user accounts are created with a unique password assigned manually by an administrator or
generated randomly by RSA Archer GRC. RSA strongly recommends that you enable the Force
Password Change on Next Sign-In option in RSA Archer GRC for all new user accounts.
Configuring this option requires users to change their password the first time that they log on to RSA
Archer GRC.
RSA Archer GRC enforces the password strength, logon, and session time-out policies defined in
security parameters.

Note: These security parameters are enforced by RSA Archer GRC across all user accounts except
the sysadmin and service accounts. RSA strongly recommends that you instruct your administrators
on your corporate IT policy and security best practices for generating and managing passwords for
all accounts.

The following table shows the password settings of the default security parameter. RSA
recommends that you treat these settings as the minimum requirement for enforcing strong
passwords and secure sessions in RSA Archer GRC.

Parameter | Setting
Minimum password length | 9 characters
Alpha characters required | 2 characters
Numeric characters required | 1 character
Special characters required | 1 character
Uppercase characters required | 1 character
Lowercase characters required | 1 character
Password change interval | 90 days
Previous passwords disallowed | 20 passwords
Grace logons | 0 logon
Maximum failed logon attempts | 3 attempts
Session time-out | 10 minutes (sysadmin account); 30 minutes (service account)
Account lockout period | 999 days
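
A checker for the password rules in the default security parameter table above, added here as an example (it is not RSA Archer GRC code). It reports which rules a candidate fails, rejects reuse of remembered passwords, and generates a conforming temporary password; the definition of a special character, the hashed history store, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

PBKDF2_ROUNDS = 20_000  # kept low so the example runs quickly


@dataclass(frozen=True)
class PasswordPolicy:
    """Password rules of the default security parameter, from the table above."""
    min_length: int = 9
    min_alpha: int = 2
    min_numeric: int = 1
    min_special: int = 1
    min_upper: int = 1
    min_lower: int = 1
    history_depth: int = 20  # previous passwords disallowed


def violations(password, policy=PasswordPolicy()):
    """Return the names of the policy rules that the candidate fails."""
    counts = {
        "alpha": sum(c.isalpha() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        # Assumption: "special" means neither alphanumeric nor whitespace.
        "special": sum(not c.isalnum() and not c.isspace() for c in password),
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
    }
    failed = ["min_length"] if len(password) < policy.min_length else []
    failed += [f"min_{kind}" for kind, n in counts.items()
               if n < getattr(policy, f"min_{kind}")]
    return failed


def _digest(password, salt):
    """Salted PBKDF2 hash, so the history never holds clear-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def remember(history, password, policy=PasswordPolicy()):
    """Append a salted hash and keep only the newest history_depth entries."""
    salt = secrets.token_bytes(16)
    history.append((salt, _digest(password, salt)))
    del history[:-policy.history_depth]


def reused(history, password):
    """True if the candidate matches any remembered password."""
    return any(hmac.compare_digest(_digest(password, salt), stored)
               for salt, stored in history)


def generate_temporary_password(length=16, policy=PasswordPolicy()):
    """Draw random candidates until one satisfies every rule (rejection sampling)."""
    if length < policy.min_length:
        raise ValueError("length is shorter than the policy minimum")
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(candidate, policy):
            return candidate


if __name__ == "__main__":
    for sample in ("password", "ABCDEFGH1!", "Tr1cky-Pass"):  # constructed samples
        print(sample, violations(sample) or "conforms")
    print("temporary password:", generate_temporary_password())
```
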

Adding User Accounts


You must create a user account for each of your users who needs to access RSA Archer GRC.
Login credentials are the same on the mobile device as they are for RSA Archer GRC. Mobile users
log in to mobile devices using their user name and password that is established in their user account.

Add a user account


1. Go to the Manage Users page.

a. From the menu bar, click .

b. Under Access Control, click Users.

2. Click Add New.

3. In the General Information section, enter the name of the user, the user name for log on, and the
domain.

Property | Description
First Name, Middle Name, and Last Name | The valid name of the user. First and last names are required.
User Name | A seven-character system-defined name in all lowercase. The user name contains the first six characters of the Last Name followed by the first character of the First Name. If the Last Name is fewer than six characters, the system uses additional characters from the First Name to make a seven-character user name. If the user name is not unique in the domain, the system appends a number (up to 999) to the end of the name to make the name unique.
User Domain | If your RSA Archer GRC instance has one or more Lightweight Directory Access Protocol (LDAP) configurations defined, select the domain of which the user is a member. To use the RSA Archer domain, select No Domain.

4. (Optional) In the Contact Information section, enter the default email address and any other
pertinent information for contacting the user.

Property | Description
Address | The complete address of the user.
Company | The company name.
Title | The title of the user.
Default Email | The default email used throughout RSA Archer GRC when a user email is required, for example, when instructions are sent for resetting a password. If you are sending the user an email notification with password information, you must specify the Default Email for the user.
Email 2 through 5 | The alternate email addresses for the user. You can enter up to five email addresses, enabling the user to configure a notification subscription to send emails to alternate or multiple accounts.
Phone 1 through 5 | The telephone numbers for the user. The following phone types are available: Assistant, Business, Business 2, Business Fax, Home, Home 2, Home Fax, ISDN, Mobile, Mobile 2, Other, Other 2, Other Fax, Pager.

5. (Optional) In the Localization section, enter the time zone, locale, and language if the location
and language of the user are different from the system.

Option | Description
Time Zone | The time zone for the location of the user. Time is based on Coordinated Universal Time (UTC), also referred to as Greenwich Mean Time (GMT). RSA Archer GRC uses this time standard for converting time and dates based on the instance or user locale. All time is stored as UTC and converted based on the time zone of the user.
Locale | The physical location of the user.
Override Language | Overrides the default language set for the instance. When you select this option, you must specify the language.
Language | The language of the user.

6. In the Account Maintenance section, enter the user password and assign the security parameter
for this user.

Property | Description
Status | The current status of the user account. The options are Active, Inactive, or Locked.
Password | For new user accounts, the password must be entered (Enter) and then entered again (Confirm). These entries must exactly match. The password must conform to the default security parameter password rules. For existing user accounts, use the Change Password link to change the password manually. The Send user a notification with password information option enables RSA Archer GRC administrators to notify new users that the user account has been set up with a temporary password and may require a password change.
Force Password Change | Determines whether the user is forced to change the password the next time the user logs in.
Security Parameter | The security parameter assigned to the user. A user can only have one security parameter assigned at a time.
Notifications Subscriptions | Enables users to select the records and applications for which they want to receive notifications when an update occurs.

7. (Optional) Select the Send user a notification with password information checkbox if you want to
send the user an email notification of the password change.

Note: If you do not select this checkbox, you must inform the user of the new password. The
Default Email address is used for the notification email.

8. (Optional) In the Notes section, record any additional information about the user account, for
example, listing hours of availability or preferences for how the user should be contacted.
Account notes appear when users click a linked user name in RSA Archer GRC to view the user
profile.

9. Click Save or Apply.


   • Click Save to save and exit.
   • Click Apply to apply the changes and continue working.

Ending Active User Sessions


When you end an active user session, the user is logged off from RSA Archer GRC immediately and
must log back on to continue working.


End an active user session

1. Go to the Manage Users page.

a. From the menu bar, click .

b. Under Access Control, click Users.

2. Click the row of the user account that you want to log off and view the description.

3. In the Actions column, click for the user account that you want to log off.

Viewing User Logon History


You can view all of the sessions associated with any user account, and review details such as the
date, start time, and duration of each session.

View user logon history

1. Go to the user account.

a. From the menu bar, click .

b. Under Access Control, click Users.

c. Select the user account that you want to view.

2. In the Account Maintenance section, click the text in the Last Login field.
The Login History page opens.

Updating User Accounts

Update a user account

1. Go to the General Information tab of the user account that you want to update.

a. From the menu bar, click .

b. Under Access Control, click Users.

c. Select the user record.

d. Click the General Information tab.


2. Complete the General Information section.

Property | Description
First Name, Middle Name, and Last Name | The valid name of the user. First and last names are required.
User Name | A seven-character system-defined name in all lowercase. The user name contains the first six characters of the Last Name followed by the first character of the First Name. If the Last Name is fewer than six characters, the system uses additional characters from the First Name to make a seven-character user name. If the user name is not unique in the domain, the system appends a number (up to 999) to the end of the name to make the name unique.
User Domain | If your RSA Archer GRC instance has one or more Lightweight Directory Access Protocol (LDAP) configurations defined, select the domain of which the user is a member. To use the RSA Archer domain, select No Domain.

3. Complete the Contact Information section.

Property | Description
Address | The complete address of the user.
Company | The company name.
Title | The title of the user.
Default Email | The default email used throughout RSA Archer GRC when a user email is required, for example, when instructions are sent for resetting a password. If you are sending the user an email notification with password information, you must specify the Default Email for the user.
Email 2 through 5 | The alternate email addresses for the user. You can enter up to five email addresses, enabling the user to configure a notification subscription to send emails to alternate or multiple accounts.
Phone 1 through 5 | The telephone numbers for the user. The following phone types are available: Assistant, Business, Business 2, Business Fax, Home, Home 2, Home Fax, ISDN, Mobile, Mobile 2, Other, Other 2, Other Fax, Pager.

4. Complete the Localization section.

Option | Description
Time Zone | The time zone for the location of the user. Time is based on Coordinated Universal Time (UTC), also referred to as Greenwich Mean Time (GMT). RSA Archer GRC uses this time standard for converting time and dates based on the instance or user locale. All time is stored as UTC and converted based on the time zone of the user.
Locale | The physical location of the user.
Override Language | Overrides the default language set for the instance. When you select this option, you must specify the language.
Language | The language of the user.

5. Complete the Account Maintenance section.

Property | Description
Status | The current status of the user account. The options are Active, Inactive, or Locked.
Password | For new user accounts, the password must be entered (Enter) and then entered again (Confirm). These entries must exactly match. The password must conform to the default security parameter password rules. For existing user accounts, use the Change Password link to change the password manually. The Send user a notification with password information option enables RSA Archer GRC administrators to notify new users that the user account has been set up with a temporary password and may require a password change.
Force Password Change | Determines whether the user is forced to change the password the next time the user logs in.
Security Parameter | The security parameter assigned to the user. A user can only have one security parameter assigned at a time.
Notifications Subscriptions | Enables users to select the records and applications for which they want to receive notifications when an update occurs.

6. (Optional) In the Account Notes section, enter any additional information about the user account.

7. Click Save or Apply.


   • Click Save to save and exit.
   • Click Apply to apply the changes and continue working.

Deleting User Accounts


When you delete a user account, the user can no longer log on to RSA Archer GRC. The user name
is no longer available for selection in the User/Groups List and Record Permissions fields. In saved
records where the user name has been selected in a User/Groups List or Record Permissions field,
the user name is removed. After you have deleted a user account, you can reuse the associated user
name for another account, or you can re-create the deleted account and assign the same user name
that was used in the original account.

Note: You cannot delete a user account that is used in an advanced workflow.


Delete user accounts

1. Go to the Manage Users page.

a. From the menu bar, click .

b. Under Access Control, click Users.

2. Click the user account that you want to delete and view the description.

3. In the Actions column, click for the user account that you want to delete.

4. When prompted to confirm the deletion, click OK.

User Groups
User groups are groups of users set by an administrator. You can add user groups to other groups to
create a hierarchical structure of user groups and subgroups. For example, you might create a Sales
group that includes all user accounts for members of the Sales team. Under the Sales group, you can
create other groups, such as Midwest Sales Team and East Coast Sales Team and add the
appropriate users to these user groups.
Use groups to streamline many key tasks in RSA Archer GRC according to your business practices:
• Assign access rights at the application, page, record, and field level to user groups rather than
  individual users.
• Enroll a user group in a discussion forum in a single step.
• Send a Training and Awareness event to members of a specific user group, such as the Incident
  Investigation group.

When a user becomes a member of a user group with an associated role, the user automatically
receives the permissions of the access role. For example, a group called Policy Administrators has
an associated access role that grants create, read, and update privileges to the Policies application.
All members added to this user group are granted the same access rights related to policy-related job
functions.

Important: Users must exist before groups can be created. Groups must exist before adding an
access role or security parameter.

Other uses for groups

• Administrative functions
• Global reports
• Data records
• Private fields
• Email notifications
• Content Review stages
• Training and Awareness campaigns
• Forums and polls

Adding User Groups


Users must exist before groups can be created. Groups must exist before adding an access role or
security parameter.

Add a user group

Note: When importing and installing a package that contains groups, you must manually add the
members of the group to that group. For more information, see Packaging in the Help.

1. Go to the Manage Group: (New) page.

a. From the menu bar, click .

b. Under Access Control, click Groups.

2. Click Add New.

3. In the General Information section, enter the name and description of the group.

4. Click Save or Apply.


   • Click Save to save and exit.
   • Click Apply to apply the changes and continue working.

Add members to a user group

1. Go to the group to which you want to assign members.

a. From the menu bar, click .


b. Under Access Control, click Groups.

c. Select a group.

2. In the Members section, from the Available list, select the groups and users that you want to be
members of the group. You can either browse through the nodes or use the Find field to search
for a specific user or group.

3. Click Save or Apply.


   • Click Save to save and exit.
   • Click Apply to apply the changes and continue working.

Add a user group to another group

1. Go to the group that you want to add as a member of one or more other groups.

a. From the menu bar, click .

b. Under Access Control, click Groups.

c. Select the user group.

2. In the Member Of section, from the Available list, expand Groups, and select the group or
groups that you want to serve as a parent for the current group. You can also use the Find field to
search for a specific group.

3. Click Save or Apply.


   • Click Save to save and exit.
   • Click Apply to apply the changes and continue working.

Assigning Users to User Groups


Complete these tasks to assign a user to a group or unassign a user group from the user account.

Important: If a group is created through LDAP synchronization, you cannot use these tasks to
assign or unassign a group. To assign or unassign a user from an LDAP group, you must make the
appropriate changes in your LDAP directory and then run a data synchronization.


Assign a user to a group

1. Go to the user account that you want to assign to the group.

a. From the menu bar, click .

b. Under Access Control, click Users.

c. Select the user account that you want to update.

2. Click the Groups tab.

3. Click Lookup.

4. In the Available list, expand the Groups tree and select the group.

Note: To search for a specific group, enter the group name in Find and click . The results of
your search appear in the Available list of the Search Results node.

5. Click OK.

6. Click Save or Apply.


   • Click Save to save and exit.
   • Click Apply to apply the changes and continue working.

Unassign a user group from the user account

1. Go to the Manage Users page.

a. From the menu bar, click .

b. Under Access Control, click Users.

2. Select the user account that you want to unassign from a group.

3. Click the Groups tab and click Lookup.

4. From the Selected list, click for the group that you want to unassign.

5. Click OK.

6. Click Save or Apply.

   • Click Save to save and exit.
   • Click Apply to apply the changes and continue working.

Deleting User Groups


You can delete a user group from the Managing Groups page. You cannot delete the Everyone
group, which contains all users, or any group that has been selected from a User/Groups List or
Record Permissions field in a content record.

Important: You cannot delete user groups that are used in an advanced workflow.

If a group contains subgroups, remove the subgroups from the group before you delete the group.

Important: If the group was created through LDAP synchronization, you cannot use this task to
delete the group. You must make the appropriate changes in your LDAP directory and then run a
data synchronization.

Delete a user group

1. Go to the Manage Groups page.

a. From the menu bar, click .

b. Under Access Control, click Groups.

2. Click the row of the group that you want to delete and view the description.

3. In the Actions column, click for the group you want to delete.

4. Click OK to confirm deletion.

Access Roles
An access role is a collection of application-level and page-level rights that an administrator can
create and assign to any number of users and groups to control user privileges (create, read, update,
and delete). For example, the access role of a General User might allow access only to applications.
The access role of an Administrative User might allow access only to RSA Archer features.
RSA Archer GRC comes with an access role called System Administrator that you cannot delete or
modify. The System Administrator role grants users unrestricted access to all RSA Archer features
and to all records stored in applications, including records enrolled in content review. Only users
who have already been designated as System Administrators can assign the System Administrator
role to other users.
RSA Archer GRC solutions include pre-defined access roles for use with the solution.


You can assign access roles to users through group membership or directly to user accounts. RSA
recommends that you assign permissions through group membership and not assign permissions
directly to user accounts.
For instructions on assigning permissions through group membership, see Assigning Access Roles to
Users and Groups.
As the number of users, groups, and applications increases, keeping track of who has access to what
becomes more complex. RSA recommends simplifying the process. Start by creating granular access
roles for each of your applications, for example, Policy Administrator, Policy Author, and Policy
Reader. Granting access to new or existing users and groups then becomes as simple as selecting
from a list of predefined access roles.

Importing access roles


Although access roles are supported objects in the packaging process, when you import access roles
with groups during the packaging process, you must manually associate each access role to the
respective group. You must also manually add users to each group in the target instance after the
package is installed.

Adding Access Roles


When you create an access role, you define the application and page-level rights for all users
assigned the role.

Page-level rights

Rights    Description

Create    Create new content on a page, such as records, fields, notification templates, and
          content review stages.

Read      Read existing content on a page, such as records, fields, notification templates, and
          content review stages.

Update    Modify existing content on a page, such as records, fields, notification templates, and
          content review stages.

Delete    Delete page content.

Add an access role

1. Go to the Manage Access Role page.

a. From the menu bar, click


b. Under Access Control, click Access Roles.

2. Click Add New.

3. Do one of the following:

• If you want to create a new access role, click Create a new Access Role from scratch and
click OK.

• If you want to create a new access role from an existing access role, click Copy an existing
Access Role. Select the existing access role from the Access Role list, and click OK.

4. In the General Information section, enter a name and description for the access role.

5. (Optional) If you want to enter an Alias, click Apply and then enter an Alias name.

6. (Optional) In the Default Access Role field of the Default Access Role section, click Assign as
Default if the access role is to be the default access role for all users and groups.

7. (Optional) In the Group Assignments section, assign groups to the access role.

8. Click Apply.

9. Click the Rights tab and click or clear the (Create, Read, Update, and Delete) checkboxes that
correspond to the appropriate rights for each page type.

• If you grant a user or group access to the Manage Global Values Lists page, these individuals
have access to all global values lists in RSA Archer GRC. If you want a user to have access
to specific global values lists and not all lists, select the appropriate CRUD access for the
individual global values list.

• If you grant access rights to import data, you must also grant rights to the content record that
data will be imported into. For example, if you want users to be able to import data into the
Policies application, you must grant access to Integration: Data Imports and Create, Read, and
Update rights to Policies: Content Record and Policies: Data Import.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.


Assigning Rights to Access Roles


When adding or updating an access role, you can assign which page-level rights users and groups
will have.

Assign rights to an access role

1. Go to the Rights tab of the access role to which you want to assign rights.

a. From the menu bar, click .

b. Under Access Control, click Access Roles.

c. Select the Access Role.

d. Click the Rights tab.

2. Click or clear the (Create, Read, Update, and Delete) checkboxes that correspond to the
appropriate rights for each page type.

Rights    Description

Create    Create new content on a page, such as records, fields, notification templates, and
          content review stages.

Read      Read existing content on a page, such as records, fields, notification templates, and
          content review stages.

Update    Modify existing content on a page, such as records, fields, notification templates, and
          content review stages.

Delete    Delete page content.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Assigning Access Role to Users or Groups


Access roles are cumulative and can be assigned to any number of users or groups, and users can
have more than one access role.

Example
One access role grants create, read, and update privileges in the Policies application and another
access role grants only delete privileges. A user who is assigned both access roles possesses create,
read, update, and delete privileges in the Policies application.

You can assign access roles to users in either of the following ways.

Assign an access role to a user

1. Open the user account to which you want to assign an access role.

a. From the menu bar, click .

b. Under Access Control, click Users.

c. Select the user account.

2. Click the Roles tab.

3. Click Lookup.

4. In the Available list, expand the Roles tree and click the access role you want to assign.

Note: To search for a specific role, enter the role name in the Find field and, if applicable,
select the type from the adjacent list. Click . The results of your search appear in the
Available list in the Search Results node.

5. Click OK.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Assign an access role to a user group


The group that you are assigning to the access role must exist.
If you associate a user group with an access role and the group contains subgroups, the subgroups
are not automatically associated with the access role. To associate subgroups with an access role,
you must also select the subgroups.

1. Open the access role to which you want to assign a user group.

a. From the menu bar, click .


b. Under Access Control, click Access Roles.

c. Select the access role.

2. In the Group Assignments section, click Assign.

3. From the Available list, expand Groups, and select the group or groups to which you want to
assign the access role. You can also use the Find field to search for a specific group.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
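
The cumulative-role rule and the subgroup rule described above, as an added example (not part of the RSA guide and not RSA Archer code): a small Python model that computes a user's effective rights and lists direct role assignments and subgroups that do not share a parent group's role. The data model, the Policy Cleanup role, and every user and group name are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AccessModel:
    """Constructed stand-in for an export of roles, groups and users."""
    role_rights: dict            # role -> {page type -> set of CRUD rights}
    group_roles: dict            # group -> roles associated with that group
    user_groups: dict            # user -> groups the user is a direct member of
    user_roles: dict = field(default_factory=dict)   # user -> roles assigned directly
    subgroups: dict = field(default_factory=dict)    # parent group -> child groups


def role_sources(model, user):
    """Map each role the user holds to the places it was assigned."""
    sources = {}
    for role in sorted(model.user_roles.get(user, ())):
        sources.setdefault(role, []).append("direct")
    for group in sorted(model.user_groups.get(user, ())):
        # Only the group's own associations count: a role on a parent group is
        # not applied to its subgroups unless the subgroups are selected too.
        for role in sorted(model.group_roles.get(group, ())):
            sources.setdefault(role, []).append("group:" + group)
    return sources


def effective_rights(model, user):
    """Union of rights over every role held, because access roles are cumulative."""
    merged = {}
    for role in role_sources(model, user):
        for page, rights in model.role_rights[role].items():
            merged.setdefault(page, set()).update(rights)
    return merged


def audit(model):
    """Return findings an administrator would review, in a stable order."""
    findings = []
    # Roles assigned directly to accounts, which the guide recommends avoiding.
    for user in sorted(model.user_roles):
        for role in sorted(model.user_roles[user]):
            findings.append(("direct-assignment", user, role))
    # Subgroups that lack a role their parent group has.
    for parent in sorted(model.subgroups):
        parent_roles = model.group_roles.get(parent, set())
        for child in sorted(model.subgroups[parent]):
            missing = parent_roles - model.group_roles.get(child, set())
            for role in sorted(missing):
                findings.append(("subgroup-not-associated", child, role))
    return findings


# Constructed sample data.
MODEL = AccessModel(
    role_rights={
        "Policy Author": {"Policies: Content Record": {"create", "read", "update"}},
        "Policy Cleanup": {"Policies: Content Record": {"delete"}},
    },
    group_roles={"Policy Team": {"Policy Author"}},
    user_groups={"alice": {"Policy Team"}, "bob": {"Policy Interns"}},
    user_roles={"alice": {"Policy Cleanup"}},
    subgroups={"Policy Team": {"Policy Interns"}},
)

if __name__ == "__main__":
    for name in ("alice", "bob"):
        print(name, role_sources(MODEL, name), effective_rights(MODEL, name))
    for finding in audit(MODEL):
        print(finding)
```
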

Unassign an access role from a user account


You can remove only roles for which the Assignment Method is set to Manual.

1. Open the user account from which you want to unassign an access role.

a. From the menu bar, click .

b. Under Access Control, click Users.

c. Select the user account.

2. Click the Roles tab.

3. From the Selected list, click for the access roles that you want to unassign.

4. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Setting the Default Access Role


The default access role is automatically assigned to all new user accounts. You can only set one
access role as the default.


Setting the default access role

1. Open the access role that you want to make the default access role.

a. From the menu bar, click .

b. Under Access Control, click Access Roles.

c. Select the access role.

2. In the Default Access Role section, click Assign as Default.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Updating Access Roles


An access role can be updated by users with designated permissions.

Update an access role


Complete only the steps that apply to the property that you are changing.

1. Open the access role that you want to update.

a. From the menu bar, click .

b. Under Access Control, click Access Roles.

c. Select the access role.

2. (Optional) In the General Information section, update the name or description.

3. (Optional) In the Default Access Role section, click Assign as Default.

4. (Optional) In the Group Assignments section, click Assign and do the following:

• To assign an access role, under Available, select the group or groups to which you want to
assign the access role.

• To search for a specific group, enter the group name in the Find field and click .

• To remove a group from the Selected list, click for the access role that you want to remove
from the list.


5. (Optional) Click the Rights tab and click or clear the checkboxes that correspond to the
appropriate rights for each page.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Access Roles


CAUTION: Deleting an access role is permanent. You cannot recover a deleted access role. Users
and groups that are assigned to the deleted access role lose the privileges of the access role.

You cannot delete the default access role. To delete the default access role, first set another access
role as the default access role.

Delete an access role

1. Go to the Manage Access Roles page.

a. From the menu bar, click .

b. Under Access Control, click Access Roles.

2. In the row of the access role that you want to delete, in the Actions column, click .

3. Click OK to confirm the deletion.

Security Parameters
Security parameters allow you to control the password and authorization rules for user sessions.
• Password rules determine the password strength requirements and how frequently passwords must
be changed.

Note: The instance security settings determine whether users are allowed to change their
password while working in RSA Archer GRC. Verify with your IT administrator that your
instance is configured to allow users to change their passwords. Instance parameters are managed
in the RSA Archer Control Panel.

• Authorization rules determine how users may access their account, the length of a session, and
the system behavior if a user locks himself or herself out of the account.


You can create any number of security parameters, but only one security parameter is assigned to a
user. You can designate a security parameter as the default parameter for all new user accounts.
If your instance is licensed for offline access or the mobile app, you must define security parameters
for mobile users. These parameters include account lockout duration, session time-out behavior,
active session restrictions, and sync alert behaviors.

Security parameters for a single sign-on


If your organization uses a single sign-on (SSO) solution, most security parameter settings are not
applicable because your network enforces:
• Password expiration

• Account lockout

• Time frames

• Password strength requirements

After successfully authenticating, SSO solution users can access RSA Archer GRC with no need for
defined security parameters.

Adding Security Parameters


Security parameters determine the password and authorization rules for user sessions.

Note: The instance security settings determine whether users are allowed to change their password
while working in RSA Archer GRC. Verify with your IT administrator that your instance is
configured to allow users to change their passwords. Instance parameters are managed in the RSA
Archer Control Panel.

Add a security parameter

1. Go to the Manage Security Parameters page.

a. From the menu bar, click .

b. Under Access Control, click Security Parameters.

2. Click Add New.

3. Do one of the following:

• If you want to create a new security parameter, select Create a new Security Parameter from
scratch, and click OK.


• If you want to create a new security parameter from an existing security parameter, select
Copy an existing Security Parameter, select the existing security parameter from the Security
Parameter list, and click OK.

4. In the General Information section, enter the name and description of the security parameter.

5. (Optional) In the Alias field, enter a different name if you want to use an alias to identify the
security parameter.

6. In the Password Properties section, enter password rules that you want to enforce.

Property: Password format
Action:
a. In the Minimum Password Length field, select the minimum number of characters or select
Other and enter a different value.
b. In the Numeric Characters Required field, select the minimum number of numbers or select
Other and enter a different value.
c. In the Uppercase Characters Required field, select the minimum number of uppercase
characters or select Other and enter a different value.
d. In the Alpha Characters Required field, select the minimum number of alphabetic letters or
select Other and enter a different value.
e. In the Special Characters Required field, select the minimum number of special characters or
select Other and enter a different value.
f. In the Lowercase Characters Required field, select the minimum number of lowercase
characters or select Other and enter a different value.

Property: Password limitations
Action:
a. In the Previous Passwords Disallowed field, select the number of previous passwords a user
may not use as the new password or select Other to enter a different value.
b. In the Grace Logins field, select the number of times a user is allowed to bypass the
password change alert or select Other to enter a different value.

Property: Password expiration notice
Action: In the Password Expiration Notice field, select the number of days for prompting the user
to change the password or select Other to enter a different value.

Property: Password change interval
Action: In the Password Change Interval field, select the number of days after which a user is
required to change the password or select Other to enter a different value.

Property: Restrict frequency of password change
Action:
a. In the Password Change Limit field, click Enable password change limit.
b. Enter or select the period (in Hours) in which users can change their passwords for this
security parameter.

7. In the Authorization Properties section, enter the authorization rules that you want to enforce.

Rule: Number of allowed login failures
Action: In the Maximum Failed Login Attempts field, select the number of unsuccessful login
attempts a user is allowed, or select Other to enter a different value.

Rule: Account lockout period after login failures
Action: In the Account Lockout Period field, select the period that an account remains locked
before the user can log in again, or select Other to enter another value.

Rule: Timeout for an inactive session
Action: In the Session Timeout field, select the maximum length of time an active user session
without activity can remain active before the session is automatically timed out, or select Other
to enter a different value.

Rule: Time limit for account inactivity
Action: In the Automatic Account Deactivation field, select the number of days a user account can
remain inactive before the account becomes deactivated, or select Other to enter a different value.

Rule: Time period allowed for user sessions
Action:
a. In the Limit Session Time field, click Allow active user sessions only for a specific time
period.
b. In the From field, enter the start time of the period.
c. In the To field, enter the end time of the period.
d. In the Time Zone field, select the time zone that applies to the active session limitation.

Rule: Active user session period before requiring re-authentication
Action:
a. In the Static Session Timeout field, click Enable static session timeout.
b. Select the time interval that is allowed for active user sessions before the user must
re-authenticate.

Rule: Days disallowed for user sessions
Action: In the Days Disallowed field, click and select the days (Sunday through Saturday) that
user sessions are not allowed and click OK.
To remove a day from the Selected list, click adjacent to the day that you want to remove from
the list.

Rule: Dates disallowed for user sessions
Action: In the Dates Disallowed field, click and select the dates that user sessions are not
allowed and click OK.
To remove a date from the Selected list, click adjacent to the date that you want to remove from
the list.

Rule: Warning period before the session times out
Action:
a. In Session Timeout Warning, select Enable session timeout warning.
b. In Seconds, enter the length of the warning period in the range 30 to 300.

8. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
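
The Password Properties fields from step 6, as an added example (not part of the RSA guide and not RSA Archer code): a Python check that reports which format rules a candidate password fails, the shortest length the character-class minimums actually permit, and whether the password matches one of the last N stored hashes. The class and function names, the definition of a special character, and the PBKDF2 history store are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordProperties:
    """One field per setting in the Password Properties section."""
    min_length: int
    numeric: int
    uppercase: int
    alpha: int
    special: int
    lowercase: int
    previous_disallowed: int


def class_counts(password):
    """Count the characters of each class that the format rules refer to."""
    return {
        "numeric": sum(c.isdigit() for c in password),
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "alpha": sum(c.isalpha() for c in password),
        # Assumption: "special" means neither a letter nor a digit.
        "special": sum(not (c.isalpha() or c.isdigit()) for c in password),
    }


def implied_min_length(props):
    """Shortest password that can satisfy every minimum at once.

    Uppercase and lowercase characters are also alphabetic, so the letter
    requirement is the larger of alpha and uppercase + lowercase.
    """
    letters = max(props.alpha, props.uppercase + props.lowercase)
    return max(props.min_length, letters + props.numeric + props.special)


def format_violations(props, password):
    """Return the names of the format rules the password does not meet."""
    counts = class_counts(password)
    problems = []
    if len(password) < props.min_length:
        problems.append("length")
    for name in ("numeric", "uppercase", "alpha", "special", "lowercase"):
        if counts[name] < getattr(props, name):
            problems.append(name)
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2 record for the history store (assumed storage scheme)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def is_reused(props, password, history):
    """history is ordered oldest to newest; only the last N records are checked."""
    if props.previous_disallowed <= 0:
        return False
    for salt, digest in history[-props.previous_disallowed:]:
        candidate = hash_password(password, salt)[1]
        if hmac.compare_digest(candidate, digest):
            return True
    return False


# Constructed sample policy: Minimum Password Length is 8, but the class
# minimums cannot be met in fewer than 9 characters.
POLICY = PasswordProperties(min_length=8, numeric=2, uppercase=2, alpha=4,
                            special=2, lowercase=3, previous_disallowed=2)

if __name__ == "__main__":
    print("implied minimum length:", implied_min_length(POLICY))
    for candidate in ("Archer123!", "GRc-Audit#2024"):
        print(candidate, format_violations(POLICY, candidate))
```
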

Security Parameters for Mobile Users


To set mobile authorization properties in a security parameter, either the instance must be licensed
for mobile questionnaires or the solution must be licensed for offline access. If the instance or
solution is not licensed, the Mobile Authorization Properties section is not displayed on the Manage
Security Parameter page.


The security parameters for a mobile user include:

Login credentials for mobile users


Mobile users log in with the same credentials as they use when logging in to RSA Archer GRC as
shown in the following example:

Credentials    RSA Archer GRC Login    Mobile User

Username       smithj                  smithj

Password       Archer123!              Archer123!

When mobile users want to sync data between offline access or the mobile app and RSA Archer
GRC, they must log in to the mobile device and provide their RSA Archer GRC credentials when
prompted to sync. For the mobile app, single sign-on (SSO) is not supported.

First time logins

The type of mobile user determines the steps taken during the initial log in.
• For offline access, users must synchronize data from the RSA Archer GRC solution to a laptop
computer.

• For the mobile app, users need the RSA Archer GRC URL, domain, and instance to access
mobile data.

Session behaviors for mobile users


Mobile authorization properties for mobile session behaviors control the following:
• Failed login attempts

• Session timeouts

• Session termination

Example: How default behaviors affect a mobile session

You can configure these values to meet your own business requirements and user needs.


Option: Maximum Failed Login Attempts
Value: 3 attempts
Behavior: The mobile user is allowed to attempt to log in using incorrect credentials (user name,
company ID, and password combination) up to three times.

Option: Account Lockout Period
Value: 30 minutes
Behavior: The mobile user account is locked for 30 minutes, preventing the user from attempting to
log in to a session after exceeding the maximum failed login attempts. After that time, the mobile
user can attempt to log in again up to the maximum failed login attempts.

Option: Session Timeout
Value: 30 minutes
Behavior: The mobile session is active for 30 minutes after the last detected user activity. After
this duration, the session is automatically timed out, and the user is prompted to log in again.

Option: Static Session Timeout
Value: blank
Behavior: The mobile session has no limit to availability to the user.

Option: Close on Exit
Value: blank
Behavior: The mobile session remains active after the mobile app is closed. This option does not
apply to offline access.

Data synchronization and data purge behaviors for mobile users


Mobile authorization properties for data synchronization and data purge behaviors control the
following:
• When users are reminded to synchronize data

• When users are forced to synchronize

• When users are forced to purge data from the mobile device

The synchronization rules work together to ensure that mobile users maintain current data and offline
access users sync regularly with RSA Archer GRC.

Example: How default purge behaviors and individual sync alerts influence synchronized data

You can configure these options and values to meet your own business requirements and user needs.


Option: Sync Reminder
Value: 15 Days
Behavior: On the 15th day after the last synchronization, the mobile user will be reminded upon
log in to synchronize data with RSA Archer GRC. The reminder continues to appear until the user
syncs or reaches the Force Sync limit.

Option: Force Sync
Value: 30 Days
Behavior: On the 30th day after the last synchronization, the mobile user will be forced to
synchronize data with RSA Archer GRC or the application, until the Purge Data limit is reached.

Option: Purge Data
Value: 45 Days
Behavior: If the mobile user has not synchronized data with RSA Archer GRC in 45 days, all mobile
data will be purged when the user attempts to access the application. The mobile user will be
forced to do an initial log-in and synchronization.

Adding Security Parameters for Mobile Users


Security parameters for mobile users provide additional settings that allow you to define data
synchronization and data purge behaviors and override the default session behaviors. Security
parameter settings become effective on the mobile device the next time the user syncs the device
with RSA Archer GRC.

Note: To access mobile-specific settings, either the instance must be licensed for mobile
questionnaires or the solution must be licensed for offline access. If the instance or solution is not
licensed, the Mobile Authorization Properties section is not present on the Manage Security
Parameter page.

Add a security parameter for mobile users

1. Go to the Manage Security Parameters page.

a. From the menu bar, click .

b. Under Access Control, click Security Parameters.

2. Click Add New.

3. In the General Information section, enter the name and description.

4. In the Password Properties section, enter the password rules that you want to enforce.


Property: Password format
Action:
a. In the Minimum Password Length field, select the minimum number of characters or select
Other and enter a different value.
b. In the Numeric Characters Required field, select the minimum number of numbers or select
Other and enter a different value.
c. In the Uppercase Characters Required field, select the minimum number of uppercase
characters or select Other and enter a different value.
d. In the Alpha Characters Required field, select the minimum number of alphabetic letters or
select Other and enter a different value.
e. In the Special Characters Required field, select the minimum number of special characters or
select Other and enter a different value.
f. In the Lowercase Characters Required field, select the minimum number of lowercase
characters or select Other and enter a different value.

Property: Password limitations
Action:
a. In the Previous Passwords Disallowed field, select the number of previous passwords a user
may not use as the new password or select Other to enter a different value.
b. In the Grace Logins field, select the number of times a user is allowed to bypass the
password change alert or select Other to enter a different value.

Property: Password expiration notice
Action: In the Password Expiration Notice field, select the number of days for prompting the user
to change the password or select Other to enter a different value.

Property: Password change interval
Action: In the Password Change Interval field, select the number of days after which a user is
required to change the password or select Other to enter a different value.

Property: Restrict frequency of password change
Action:
a. In the Password Change Limit field, click Enable password change limit.
b. Enter or select the period (in Hours) in which users can change their passwords for this
security parameter.

5. In the Authorization Properties section, enter the authorization rules that you want to enforce.

Rule: Number of allowed login failures
Action: In the Maximum Failed Login Attempts field, select the number of unsuccessful login
attempts a user is allowed, or select Other to enter a different value.

Rule: Account lockout period after login failures
Action: In the Account Lockout Period field, select the period that an account remains locked
before the user can log in again, or select Other to enter another value.

Rule: Timeout for an inactive session
Action: In the Session Timeout field, select the maximum length of time an active user session
without activity can remain active before the session is automatically timed out, or select Other
to enter a different value.

Rule: Time limit for account inactivity
Action: In the Automatic Account Deactivation field, select the number of days a user account can
remain inactive before the account becomes deactivated, or select Other to enter a different value.

Rule: Time period allowed for user sessions
Action:
a. In the Limit Session Time field, click Allow active user sessions only for a specific time
period.
b. In the From field, enter the start time of the period.
c. In the To field, enter the end time of the period.
d. In the Time Zone field, select the time zone that applies to the active session limitation.

Rule: Active user session period before requiring re-authentication
Action:
a. In the Static Session Timeout field, click Enable static session timeout.
b. Select the time interval that is allowed for active user sessions before the user must
re-authenticate.

Rule: Days disallowed for user sessions
Action: In the Days Disallowed field, click and select the days (Sunday through Saturday) that
user sessions are not allowed and click OK.
To remove a day from the Selected list, click adjacent to the day that you want to remove from
the list.

Rule: Dates disallowed for user sessions
Action: In the Dates Disallowed field, click and select the dates that user sessions are not
allowed and click OK.
To remove a date from the Selected list, click adjacent to the date that you want to remove from
the list.

Rule: Warning period before the session times out
Action:
a. In Session Timeout Warning, select Enable session timeout warning.
b. In Seconds, enter the length of the warning period in the range 30 to 300.

6. In the Mobile Authorization Properties section, enter the mobile authorization rules that you want
to enforce.

Property: Number of allowed login failures and account lockout period
Action:
a. In the Maximum Failed Login Attempts field, specify the number of allowable attempts.
b. In the Account Lockout Period field, specify the duration of the lockout period.

Property: Timeout for an Inactive Mobile Session
Action: In the Session Timeout field, specify the inactivity duration of the session before the
user is logged out automatically.

Property: Active Mobile Session Period Before Requiring Re-Authentication
Action: In the Static Session Timeout field, click Enable static session timeout, and then select
the duration.

Property: Whether the Mobile Session Terminates When Closing
Action: In the Close on Exit field, click Enable session termination after closing the mobile
application.

Property: Sync Reminder Alerts for Mobile Users
Action: In the Sync Reminder of Sync Alerts field, specify the number of days from the last
synchronization.

Property: Time Limit for Forcing Mobile Users to Sync
Action: In the Force Sync of Sync Alerts field, specify the number of days from the last
synchronization.

Property: Disable Automatic Purging of Data for Mobile Users
Action: In the Purge Data of Sync Alerts field, clear the box.

Property: Retention Days Before Mobile Data Is Purged
Action: In the Purge Data of Sync Alerts field, select the number of days from the last
synchronization.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Assigning Security Parameters to Users


Complete this task to assign a specific security parameter to the user. By default, all users are
assigned the default security parameter when you create the user account.

Assign a security parameter to a user

1. Go to the General Information tab of the user account to which you want to assign a security
parameter.

a. From the menu bar, click .

b. Under Access Control, click Users.

c. Select the user account.

d. Click the General Information tab.

2. Go to the Account Maintenance section.

3. In the Security Parameter list, select the parameter that you want to assign to the user.

4. (Optional) View the properties of the selected security parameter:

a. In Security Parameter Detail, click View Security Parameter.

b. Click OK.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.


Setting the Default Security Parameter


The default security parameter is automatically assigned to all new user accounts. You can only set
one security parameter as the default.

Set the default security parameter

1. Select a security parameter to set as the default.

a. From the menu bar, click .

b. Under Access Control, click Security Parameters.

c. Select the security parameter.

2. In the Default Security Parameter section, click Assign as Default.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Security Parameters


Complete this task to delete security parameters when they are no longer valid or were created in error.

Note: You cannot delete a default security parameter that is in use. To delete the default security
parameter, assign another security parameter as the default.

Delete a security parameter

1. Go to the Manage Security Parameters page.

a. From the menu bar, click .

b. Under Access Control, click Security Parameters.

2. In the row of the security parameter that you want to delete, in the Actions column, click .

3. Click OK to confirm the deletion.


LDAP Configuration
As an administrator of the Access Control feature, you can synchronize information between RSA
Archer GRC and your organization's Lightweight Directory Access Protocol (LDAP) server. With
LDAP synchronization, you can streamline the administration of user accounts and groups by
allowing updates and changes that were made in the LDAP server to be automatically reflected in
RSA Archer GRC.
The LDAP configuration feature allows you to do the following:
l Associate user accounts with LDAP users.

l Create accounts when new users are found on the LDAP server.

l Deactivate accounts that can no longer be directly associated with an LDAP user. (User accounts
cannot be deleted through LDAP synchronization.)

l Reactivate accounts when certain user criteria is found on the LDAP server, for example,
renewed employment status.

l Update user profile data for accounts based on LDAP changes.

The LDAP configuration feature accepts multiple-domain, single sign-on (SSO) information and
synchronizes with multiple discrete LDAP systems, which allows you to do the following:
l Unify logon procedures in heterogeneous domain environments.

l Incrementally add new domains to existing user access configurations.

l Synchronize data with multiple domain accounts.

LDAP groups cannot be mapped to a previously existing RSA Archer group. The synchronization
process replicates the LDAP group structure within RSA Archer. Groups created in the
GRC Platform by the LDAP synchronization process cannot be edited within RSA Archer GRC.

LDAP configuration with multiple domains


RSA recommends that you do not specify a default LDAP configuration if your organization employs
multiple domains and allows non-unique user names across your domains. If you do, an individual
with an identical user name to an individual in the default domain could potentially gain improper
access to RSA Archer GRC.
For example, the following two people exist in different domains: John Smith from the Asia-Pacific
domain (jsmith@apac.company.com) and Jim Smith from the United States domain
(jsmith@us.company.com). Assume that the apac.company.com domain is not valid in this RSA
Archer GRC instance. Also assume that a default LDAP configuration is specified and the default
domain is us.company.com.


Now, John Smith (jsmith@apac.company.com) tries to log on to RSA Archer GRC using SSO.
Because the apac.company.com domain is not valid, RSA Archer GRC attempts to validate him in
the default domain by the user name "jsmith." RSA Archer GRC matches this user name to an
existing account, jsmith@us.company.com, even though it belongs to a different individual, and
allows John Smith to log on to RSA Archer GRC with the account of Jim Smith.
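The scenario above, modelled as an added example (this is not RSA Archer GRC code): one lookup that falls back to the default domain, one that rejects unknown domains, and an audit that lists user names shared between the default domain and any other domain. All function names and the directory export are hypothetical, and treating user names as case-insensitive is an assumption.

```python
"""Model of SSO account lookup with and without a default LDAP configuration.

Added illustration, not RSA Archer GRC code. Function names and the directory
export are hypothetical; the accounts come from the guide's jsmith scenario.
"""
from collections import defaultdict

# Constructed data: only us.company.com has an LDAP configuration here.
VALID_DOMAINS = {"us.company.com"}
DEFAULT_DOMAIN = "us.company.com"
ACCOUNTS = {
    ("jsmith", "us.company.com"): "Jim Smith",
    ("adoe", "us.company.com"): "Ann Doe",
}
# Constructed export of user@domain names from every directory in the organization.
DIRECTORY_EXPORT = [
    "jsmith@us.company.com",
    "jsmith@apac.company.com",
    "adoe@us.company.com",
    "bchan@apac.company.com",
]


def split_principal(principal):
    """Split user@domain. Domain names are not case sensitive (per the guide);
    lower-casing the user name as well is an assumption of this model."""
    user, sep, domain = principal.strip().lower().partition("@")
    if not sep or not user or not domain:
        raise ValueError(f"expected user@domain, got {principal!r}")
    return user, domain


def resolve_with_default(principal, accounts, valid_domains, default_domain):
    """Lookup as the guide describes it when a default configuration exists:
    an unknown domain is dropped and the bare user name is tried in the default domain."""
    user, domain = split_principal(principal)
    if domain in valid_domains:
        return accounts.get((user, domain))
    return accounts.get((user, default_domain))


def resolve_strict(principal, accounts, valid_domains):
    """Lookup with no default configuration: an unknown domain never matches."""
    user, domain = split_principal(principal)
    if domain not in valid_domains:
        return None
    return accounts.get((user, domain))


def find_colliding_usernames(directory_users, default_domain):
    """Return {user name: sorted domains} for names that exist in the default
    domain and in at least one other domain."""
    domains_by_user = defaultdict(set)
    for principal in directory_users:
        user, domain = split_principal(principal)
        domains_by_user[user].add(domain)
    return {
        user: sorted(domains)
        for user, domains in domains_by_user.items()
        if default_domain in domains and len(domains) > 1
    }


if __name__ == "__main__":
    who = "jsmith@apac.company.com"
    print("with default :", resolve_with_default(who, ACCOUNTS, VALID_DOMAINS, DEFAULT_DOMAIN))
    print("strict       :", resolve_strict(who, ACCOUNTS, VALID_DOMAINS))
    print("collisions   :", find_colliding_usernames(DIRECTORY_EXPORT, DEFAULT_DOMAIN))
```

Running the audit against a real export of directory user names before choosing a default configuration shows whether any user name is non-unique across domains.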

Configuring LDAP for Managing User Accounts and Groups


Before you can update your user accounts and groups through an LDAP server, you must configure
your LDAP server, map attributes from your LDAP directory to your user accounts in RSA Archer
GRC, and set the rules for creating, updating, activating, and reactivating the user accounts and
groups. You can also set a schedule for automating the synchronization process between your
LDAP server and the RSA Archer GRC database.
When mapping LDAP attributes to the user profile fields, note the following information:
- A user profile field that is mapped to an LDAP attribute is populated for new accounts. The value
is retained for existing accounts.

- A user profile field that is mapped to an LDAP attribute that does not have a value is not
populated for new accounts. The value is retained for accounts that were previously created.

- When the Email Address or Phone field in the user profile is mapped to an LDAP value, the
LDAP value is inserted in the first email or phone number field in the user profile for new user
accounts. For existing accounts, the LDAP value replaces the value in the first email or phone
number field in the user profile. If a user has modified the email address or phone number through
the Platform, the modification is overwritten by LDAP synchronization unless the LDAP value is
null.

- The Time Zone field in the user profile cannot be mapped to an LDAP attribute.

Step 1: Set up your LDAP server

1. Go to the Manage LDAP Configurations page.

a. From the menu bar, click .

b. Under Access Control, click LDAP Configurations.

2. Click Add New.

3. In the General Information section, enter the name and description.

4. Click the Configuration tab.


5. In the LDAP/Active Directory Server section, enter the user domain, IP address, and connection
or binding preferences.

Field: Description

User Domain: Specifies the domain to which user accounts from this LDAP server belong. The
name must be unique for all LDAP configurations.
If you are using Windows Authentication, ensure that the User Domain field
matches the Windows domain name. If these values do not match, single sign-on
(SSO) fails. These domain names are not case sensitive.

Connection: Specifies whether a secure connection is required.

Name/IP Address: Specifies the fully qualified name or IP address of your LDAP or Active
Directory server. Selecting this option ensures that your server assumes
responsibility for directing RSA Archer GRC to the appropriate domain
controller.
If the previously contacted domain controller is unavailable, a secondary domain
controller is identified and used instead. For example, if your primary LDAP
server is down for maintenance, RSA Archer GRC is directed to the secondary
server to execute LDAP synchronization.

Binding: Enables you to bind the LDAP connection to a default domain controller without
specifying the name of a default server. Microsoft recommends the use of
serverless binding for fault tolerance.
If you are using an Active Directory server, select whether to use serverless
binding. If you select Use Serverless Binding, you do not need to enter a value in
the Name/IP Address field.

6. In the LDAP/Active Directory Server Configuration section, enter the configuration options for
your LDAP server.

Field: Description

User Name: Specifies the user name of the user identified to access the LDAP or Active
Directory server when additional authentication is required.

Password: Specifies the password of the user identified to access the LDAP or Active
Directory server when additional authentication is required.

Active Directory Domain: Specifies the domain of the active directory when additional
authentication is required.

User Identifier: Identifies the object as a user object.
- For new LDAP configurations, the default value is user.
- For Active Directory servers, the default value is user.
- For other LDAP servers, the default value is inetOrgPerson.
To obtain the actual default values for your organization, see your LDAP
administrator.

Group Identifier: Identifies the object as a group object.
- For new LDAP configurations, the default value is group.
- For Active Directory servers, the default value is group.
- For other LDAP servers, the default value is groupOfUniqueNames.
To obtain the actual default values for your organization, see your LDAP
administrator.

Additional Attributes: Provides additional attributes that must be retrieved from the LDAP
source during search. For example, if you are using filters, enter the filters in this field.

User Group Identifier: Identifies the groups to which the user belongs.
- For new LDAP configurations, the default value is memberOf.
- For Active Directory servers, the default value is memberOf.
- For other LDAP servers, the default value is uniqueMember.
To obtain the actual default values for your organization, see your LDAP
administrator.

Users and Groups: Sets the User/Group association:
- Users contain groups: Specifies that the user-group association is defined in
the user object of the active directory server.
- Groups contain users: Specifies that the user-group association is defined in
the group object of the LDAP server.

Connection Time-out: Specifies the time-out value, in seconds, for the LDAP query. This value
must be a whole number greater than 0.
For new LDAP configurations, the default value is 60.

Binding: Sets the Binding for an LDAP configuration from the following options.
- Use Simple LDAP Binding: Use when your server does not allow connection
using the Simple Authentication and Security Layer (SASL) protocol, or if you
experience errors.
- Disable page searching: Use when your server does not support paged
searching.
- Remove the whitespace from the DNs: Use to remove unnecessary white
space in the Distinguished Name (DN) before the names are compared when
you are using an LDAP server other than Active Directory.

7. (Optional) Click Test Connection to test your configuration settings.

8. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Step 2: Map LDAP attributes to your user profiles

1. Go to the Configuration tab of the LDAP Configuration.

a. From the menu bar, click .

b. Under Access Control, click LDAP Configurations.

c. Click the Configuration tab.


2. Go to the User Field Mapping section.

3. In the Base DN field, enter the domain name.

4. (Optional) In the Filter field, enter the criteria for filtering the LDAP directory.

5. In the Attributes field, click Get Attributes to populate the field mapping.

6. In the Field Mapping field, select the attributes for each field in the user profile that you are
synchronizing with the LDAP directory.

Field: Description

Base DN: Specifies the Base Distinguished Name (DN) for the location of user account
information in your LDAP directory.

Filter: Filters the LDAP information available for mapping to user profile fields. Filters
are entered using the following format: objectClass=class name.
Example
You want to map only LDAP values associated with the “user” class. You would
enter objectClass=user as the filter. This entry results in the values associated
with this class being available for mapping.

Attributes: Populates the Attribute lists in the Field Mapping section.

Field Mapping: Maps the attributes from the LDAP directory to the fields in the user profile.
You must map all required fields in the user profile to an attribute.

Synch Connector Test: Tests the connection of an LDAP Configuration between the RSA Archer GRC
database and the LDAP server or active directory server.
If an error message is displayed when the number of records returned exceeds the
configured size limit for the active directory, contact your LDAP administrator to
request a configuration change.

7. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Step 3: Set rules for managing user accounts and groups

1. Go to the Data Sync tab of the LDAP Configuration.


a. From the menu bar, click .

b. Under Access Control, click LDAP Configurations.

c. Click the Data Sync tab.

2. In the User Account Management section, define the rules for updating, creating, deactivating,
and reactivating accounts.

Field: Description

Updating: Specifies the rules for updating the user profile.
- Update all user accounts on each sync: Updates all user accounts based on
the information contained in your LDAP server.
- Update only user accounts where the LDAP attribute meets the following
criteria: Updates user accounts based on a specific LDAP attribute and the
specified criteria.
Example
You want to update only user accounts from your New York office. You
would select Office from the Attribute list, select Equals from the Operator list, and
enter New York in the Value field.

Create/Update: Creates or updates a user account if the account does not exist in RSA Archer
GRC. The name for the new user account is assigned the value of the LDAP
attribute mapped to the User Name (Login) field.

Deactivation: Deactivates user accounts.
- Deactivate all user accounts that do not have a matching LDAP user:
Deactivates user accounts for which no matching LDAP account is found
during data synchronization.
- Deactivate those user accounts where LDAP attribute meets the following
criteria: Deactivates user accounts based on a specific LDAP attribute. Select
this option and then enter the LDAP criteria.
Example
You want to deactivate user accounts where the employment status for the
matching LDAP user account is set to inactive. You would select
Employment Status from the Attribute list, select Equals from the Operator list, and
enter Inactive in the Value field.

Reactivation: Reactivates user accounts based on specific LDAP attribute criteria.
Example
You want to reactivate inactive user accounts where the employment status in
the matching LDAP user account is set to active. You would select
Employment Status from the Attribute list, select Equals from the Operator list, and
enter Active in the Value field.

Send Notification: Sends a notification to each user that is created to alert the user of a new
password. The Default Email Address in the user account must be present to
send notifications. When you select this option, a notification message is sent
to all users that are being created.
RSA recommends disabling this option when synchronizing a large number of
records because uploading a large number of users can cause the email server
to exceed its capacity for sending email messages.

3. (Optional) In the Group Management section, enter the criteria for synchronizing the
LDAP group structure with RSA Archer GRC.


Field: Description

Group Sync: Replicates your LDAP group structure in RSA Archer GRC when synchronized.
The common name (CN) of the group on your LDAP server is used as the group name
in RSA Archer GRC. If a group in RSA Archer GRC is created before synchronizing
with your LDAP server, and there is a group with a matching name in your LDAP
directory, the group in RSA Archer GRC is not synchronized with the LDAP group.
Instead, a new group with the same name is created and is flagged with the
Synchronization icon.
Selecting the Group Synch option makes your LDAP server the authoritative system
for RSA Archer GRC group management.
- Any groups that you delete from your LDAP server also are deleted from RSA
Archer GRC.
- Any changes made to your groups in the LDAP directory are reflected in RSA
Archer GRC.
You cannot edit or delete groups in RSA Archer GRC that were created through
LDAP synchronization. You can create additional groups in RSA Archer GRC that
are not included in your LDAP group structure, and can fully manage these groups in
RSA Archer GRC.

Group Base DN: Specifies the Base Distinguished Name (DN) for your LDAP group structure.
If you selected Group Sync and you do not specify a DN for your group structure, the
group sync query defaults to the Base DN specified in the LDAP configuration.

4. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.
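An added example (not RSA code) that models the User Account Management rules from Step 3 as the table words them, so the accounts a rule set would create, deactivate, or reactivate can be listed before a synchronization is run. The account names and attribute values are constructed, and treating the two deactivation options as alternatives, modelling only the Equals operator, and applying the rules to every account passed in are assumptions.

```python
"""Dry-run model of the User Account Management rules on the Data Sync tab.

Added illustration, not RSA Archer GRC code. All names and data are constructed.
Assumptions: the two Deactivation options are alternatives, only the Equals
operator is modelled, and the rules apply to every account that is passed in.
"""

# Constructed platform accounts: user name -> current status.
SYNC_ACCOUNTS = {
    "adoe": "Active",
    "jsmith": "Active",
    "rlee": "Inactive",
    "svc_report": "Active",  # created locally, never present in the directory
}
# Constructed LDAP users: user name -> attributes.
LDAP_USERS = {
    "adoe": {"Employment Status": "Active"},
    "jsmith": {"Employment Status": "Inactive"},
    "rlee": {"Employment Status": "Active"},
    "nkhan": {"Employment Status": "Active"},
}


def meets(entry, criterion):
    """criterion is (attribute, operator, value), as entered in the rule."""
    attribute, operator, value = criterion
    if operator != "Equals":
        raise ValueError(f"operator not modelled: {operator}")
    return entry.get(attribute) == value


def plan_sync(accounts, ldap_users, deactivation=None, reactivation=None, create=True):
    """Return the actions a synchronization would take, without applying them.

    deactivation: None, the string "unmatched", or an (attribute, operator, value) criterion.
    reactivation: None or a criterion.
    Accounts are only ever deactivated; the plan has no delete action.
    """
    plan = {"create": [], "deactivate": [], "reactivate": []}
    for name in sorted(accounts):
        status, entry = accounts[name], ldap_users.get(name)
        if status == "Active":
            if deactivation == "unmatched":
                hit = entry is None
            elif deactivation is not None:
                hit = entry is not None and meets(entry, deactivation)
            else:
                hit = False
            if hit:
                plan["deactivate"].append(name)
        elif entry is not None and reactivation is not None and meets(entry, reactivation):
            plan["reactivate"].append(name)
    if create:
        plan["create"] = sorted(n for n in ldap_users if n not in accounts)
    return plan


if __name__ == "__main__":
    reactivate = ("Employment Status", "Equals", "Active")
    print(plan_sync(SYNC_ACCOUNTS, LDAP_USERS, "unmatched", reactivate))
    print(plan_sync(SYNC_ACCOUNTS, LDAP_USERS,
                    ("Employment Status", "Equals", "Inactive"), reactivate))
```

With the "no matching LDAP user" option, the constructed local account svc_report appears in the deactivation list, which is the case to check for before enabling that option.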

Synchronizing Your User Accounts and Groups


Synchronization is the process of updating your RSA Archer GRC user accounts and groups from
your LDAP directory. You can set LDAP synchronization to run on a schedule or run it manually
when needed. In most cases, the synchronization process runs automatically so that your RSA
Archer GRC user accounts and groups are updated regularly.
If RSA Archer GRC cannot access the LDAP directory at the scheduled time, it automatically tries
to connect with the directory 10 times over a 1-hour period, before logging an error record and
stopping the synchronization process. If the synchronization fails, the sync status is set to inactive.


If there are records that are not updated during the synchronization, you can view a text file that
details the date, time, and specific records that failed to synchronize. While the sync status is
inactive, RSA Archer GRC suspends further synchronization attempts until you manually correct the
problems with the connection and set the status to active.

Set the LDAP synchronization schedule

1. Go to the Data Sync tab of the LDAP Configuration for which you want to schedule synchronization.

a. From the menu bar, click .

b. Under Access Control, click LDAP Configurations.

c. Select the LDAP Configuration.

d. Click the Data Sync tab.

2. In the Sync Schedule section, set the schedule for synchronizing user accounts and groups.

Field: Description

Frequency: Specifies how often you want to run the LDAP synchronization process.

Time: Specifies the time of day to run the LDAP synchronization process.

Time Zone: Specifies the time zone of the LDAP server.

3. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Run the LDAP synchronization now


You can bypass the LDAP synchronization schedule and run the synchronization now.

Note: If you have made changes to your LDAP configuration, you must save those changes before
requesting an immediate data synchronization. Otherwise, the last saved LDAP configuration is
used.

1. Go to the Sync Status tab of the LDAP configuration that you want to synchronize.

a. From the menu bar, click .


b. Under Access Control, click LDAP Configurations.

c. Select the LDAP Configuration.

d. Click the Sync Status tab.

2. Go to the Immediate Sync Request section and click Run Sync Now in the Sync Request field.

Note: If you decide not to complete the synchronization request, you can cancel it using the
Cancel option that appears in the Sync Request field after the initial request.

3. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.

Viewing Synchronization Status


You can view the status of LDAP synchronization and you can also view failed synchronization
attempts that might have occurred in the last synchronization.

View the synchronization status

1. Go to the Manage LDAP Configurations page.

a. From the menu bar, click .

b. Under Access Control, click LDAP Configurations.

2. Select the LDAP configuration that you want to view.

3. Click the Sync Status tab.

4. In the Status field, click Refresh Status.

5. In the Current Sync Status field, view the status:

Status: Description

Active: The connection is active and currently in process.

Idle: The connection is active, but LDAP synchronization is not currently in process.

Inactive: The connection is inactive, and no scheduled synchronizations run.

Queued: A synchronization request has been issued, but the system has not yet
responded to the request.

Running: LDAP synchronization is currently in process.

Running, pending cancel: LDAP synchronization is currently in process, but a cancel request
has been issued. The system has not yet responded to the request.

Note: If the LDAP synch status is Queued or Running, the Cancel Sync Job section is displayed
instead of the Immediate Sync Request section.

6. If failures occurred in the last sync attempt, in the Failure Detail field, click View Failure Detail
to view failure information in a text file.

Changing LDAP Configuration Status


When an LDAP configuration is no longer needed, but you do not want to delete the configuration,
you can change its status from Active to Inactive (or the reverse if the configuration is inactive and
you want to reuse it).

Change the LDAP configuration status

1. Open the LDAP configuration for which you want to change the status.

a. From the menu bar, click .

b. Under Access Control, click LDAP Configurations.

c. Select the LDAP Configuration.

2. From the Status list, change the status of this LDAP configuration to one of the following.

- Inactive to prevent the use of this LDAP configuration.

- Active to enable the use of this LDAP configuration.

3. Click Save or Apply.


- Click Save to save and exit.

- Click Apply to apply the changes and continue working.


Deleting LDAP Configurations


When you delete an LDAP configuration, the database sets the configuration to 99999, which
signifies that the LDAP configuration and database have been deleted. The information and
relationships, however, are still intact.

CAUTION: Take extreme caution when deleting an LDAP configuration. If you also delete users
and groups that are associated with this configuration, the user and group information is permanently
deleted.

Delete an LDAP configuration

1. Go to the Manage LDAP Configurations page.

a. From the menu bar, click .

b. Under Access Control, click LDAP Configurations.

2. Click the row of the LDAP configuration that you want to delete and view the description.

3. In the Actions column, click for the LDAP configuration that you want to delete.

4. Click OK to confirm the deletion.


Chapter 13: Using Communication Tools


The Platform offers multiple tools for communication with and between your end users and for
ensuring that your users have access to the right information in the system.
- Notifications alert users to specific conditions within records, particularly when it is something
that requires their attention or action (for example, a record is ready to be reviewed).

- The Discussion Forums feature enables you to create structured environments where users can
exchange information on various topics.

- The Training and Awareness feature enables you to construct and deliver training and awareness
communications to specified users and groups.

- Mail merge functionality allows you to export data into a Microsoft Word document.

Notifications
The Notifications feature is a time-saving function for sending notifications of various conditions as
they occur to designated recipients, for example, adding or updating a record. RSA Archer GRC
administrators can customize notifications using blueprints by defining the appearance and page
properties that then can be used by multiple notifications.
Specified users receive notifications when a defined trigger occurs in an application or
questionnaire. A trigger is any change detected in RSA Archer GRC that initiates the publishing of a
notification. A trigger can be any of the following:
- Saving a record

- Periodic reports

- DDE rules

- Workflow stage changes

- Daily record search based on filter criteria

- Training and Awareness events and reminders

- Discussion Forum postings

When a specified trigger occurs, notifications are queued after a save or based on a specific
schedule.


Global Notification Settings are general properties that define default values for all notifications, as
well as read-receipt functionality. The Read Receipt properties enable administrators to activate the
read-receipt functionality. A designated email account tracks the receipt of notifications triggered by
a notification blueprint.
Recipients can receive notifications using any email-based device. RSA Archer GRC users can
select the notifications that they want to receive from the User Preferences menu.

Essential terminology
It is important to understand the following terms when working with notifications.

Term: Definition

Layout: The format of the content in the body of a notification. Content can be structured or
free form.

Notification: The notice that specified recipients receive based on a set of pre-defined conditions.

Notification Blueprint: The specification of properties and settings for the notifications. The
notification blueprint defines what information is sent, when it is sent, who should receive it, and
how the information is displayed.

Notification Publishing: The act of creating and sending notifications. Publishing includes a
delivery method, subscription behaviors, and recipients.

Recipient: An RSA Archer GRC user or other user who receives notifications. Depending on
the notification blueprint, recipients can be one or a combination of the following:
- RSA Archer GRC users and groups
- RSA Archer GRC users contained in Record Permission fields
- Other users that are manually entered in the blueprint (non-RSA Archer GRC
users)

Record: A set of data or fields that is entered to populate RSA Archer GRC elements.

Template: A preset format of a notification type made up of the name, letterhead and body
layout in the notification blueprint.

Trigger: Any change detected in RSA Archer GRC that initiates the publishing of a
notification. When a specified trigger occurs, notifications are queued and
processed.

Recipient rules
Recipients can be users, groups, or manually entered email addresses. Recipients who are non-RSA
Archer GRC users receive all content regardless of permissions.

If a user account is Locked, that account does not receive any notifications to which it was
subscribed.

Type: Description

Users: A specific RSA Archer GRC user receives the notification. The primary email address
for the user listed in the user account is used to send the notification.
If the user is subscribed to a notification and selects a different address in the Manage
Your Email Subscription page from the Preferences menu, the specified email address is
used.

Groups: A specific group receives the notification. Each user in the group is treated individually
at the time the notification is sent. The user email address follows the same rules defined
for the Users type.

Fields: The fields that contain email addresses at the time of publication receive the notification.
The following types of fields can contain email addresses:
- Record Permissions. Recipients are specified at the record level.
- Text. Recipients are specified as users in the field.
- User/Groups List. Recipients are specified in a list of users and groups in RSA
Archer GRC.
- Values List. Recipients are specified in a list of predetermined values.
- Workflow. Recipients are specified in the Workflow Stage Properties.
User/Group Lists are not record-based. All other field types are record-based Text fields.
Values Lists do not use record permissions.

Static: The email address that is entered manually in the notification blueprint.

Subscription rules
Notification subscriptions enable recipients to receive notifications after the adding or updating of
records in specified applications or questionnaires. The following table describes the available
subscription types.

Subscriber Type: Description

None: Users are not subscribed by default. Users can subscribe and cancel at any time.

New Users: New users receive notifications by default, but they can cancel the subscription at
any time.

All Users: New and existing users receive notifications by default, but they can cancel the
subscription at any time.

Required: New and existing users receive notifications by default, but they cannot cancel
the subscription.

Administrators specify the default settings for notifications in the notification blueprints. RSA
Archer GRC users can subscribe or unsubscribe to notifications from the User Preferences menu >
Manage Your Email Subscriptions.
All selected recipients automatically receive notifications.

Notification Publishing
Notification publishing creates and sends notifications to specified recipients when a defined trigger
occurs. For each notification type and blueprint, notifications are sent according to a delivery
schedule specified in the notification blueprint.
Notification publishing process:


Notifications are queued and processed after a save or on a specific schedule. If the delivery method
is Instantly or Digest, notifications are not sent when saving the record updates a calculated field if
there are no other changes to that record.

Notification Blueprints
Notification blueprints are containers that you can use to generate and send notifications to specified
recipients when a defined trigger occurs, such as adding or updating a record.
Notification blueprints specify the rules for generating the notifications. Use a unique name for each
notification blueprint for each instance. Notifications are sent according to the template layout and
delivery schedule defined in the blueprint.
When creating and configuring a blueprint, you can:
- Specify the application it monitors

- Design the layout

- Configure the delivery methods and recipients

- Specify the conditions in the application records that cause an email to be sent


Blueprint elements contain the rules for layout template design, delivery, and filter criteria.
Notification types determine which blueprint elements are used.

Key elements of a notification blueprint

Layout template design


The layout template design enables administrators to configure the format and content of
notifications. Predefined letterhead templates and body layouts are used to specify the layout of the
notifications recipients can receive.

Letterhead

Letterhead templates define the page, header, body, and footer properties used in a notification. A
letterhead is not a required element of a notification blueprint, and does not apply to notifications
sent in XML format. A default letterhead is specified in Global Notification Settings, but the
selection can be overridden in the individual notification blueprint.

Body layout

The body layout defines the format of the layout in the notification body, including how the content is
arranged. The body layout can be structured or free form. The structured format presents content in
a two-column table. The left column contains the field name, and the right column contains the field
value. The free-form body layouts allow the content to be arranged anywhere in the body of the
notification.

Content

The content of a notification includes user-defined static content and dynamic content placeholders
in the Subject line and Body. Static content is text that remains the same for every notification, while
dynamic content changes based on data from specified fields.

Type: Dynamic Content Placeholder for...

Field: Data from the fields of the records used for publishing the notification.

Report: Links to global and personal reports that are available from an application or
questionnaire.

Link: Links to user pages, administrative pages, and records.

Subject

You can configure the Subject line for all notification types using static and dynamic text and data
from fields. A Cross-Reference field appears as a Key Field reference.
Do not use the following field types to create dynamic content in the Subject line:

- Attachment
- Cross-Application Status Tracking
- Image
- Record Permissions
- Scheduler
- Sub-Form
- Questionnaire Reference
- Access History
- History Log

Body

The Body is composed of user-defined static content and dynamic content placeholders.


- Static content is text that remains the same for every notification.

- Dynamic content is content that changes based on unique parameters and is based on the field,
reports, or links you select. When defining content, fields, reports, and links become placeholders
for the actual data or content of the notification, which is generated during notification publishing.

Example: Subscription notification with static and dynamic content

The following figure shows an example of content for a subscription notification for Incident
Management for reporting an incident to a business unit manager who is waiting on an update.

Fields that cannot be included as dynamic content in the Subject line are: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire Reference,
Access History, and History Log.
Some of the element options vary based on the notification type. Content for the Scheduled Report
Distributions notification includes a section for specifying the report and attachment type, for
example, PDF, Word, Excel, and others.

Note: For Subscription and On Demand notifications, the type of content you place in the Body area
depends on the option you select in the Body Layout field on the General tab.

Notification delivery
Notifications are delivered based on the delivery methods that are configured in the notification
blueprint. In most cases, notifications are only sent when a record is saved unless the delivery
method is Instantly or Digest. When either of these delivery methods is set, notifications are not sent
when saving the record only updates a calculated field and makes no other changes to the record.


Delivery methods

Type Description

Instantly Notifications are published as soon as possible when a trigger occurs for record-based
notifications. An example of a trigger is saving a record.

Digest Notifications are aggregated and published in a digest. The data used for publishing the
notification are captured each time a record is added or updated. Notification publishing
uses the most recent version of a record that passed the filter criteria of the notification
blueprint. If the notification blueprint filters are modified within a specified period, the
already captured record is still used for notification publishing at the end of the period.
The frequencies are as follows:
• Daily. Notifications are published once per day based on the notification blueprint.

• Weekly. Notifications are published once per week based on the notification blueprint.

• Monthly. Notifications are published once per month based on the notification blueprint.

• Quarterly. Notifications are published once per quarter on January 1st, April 1st, July
1st, and October 1st based on the notification blueprint.

Notifications are published once per day, and typically use date filters that compare a
date-based field in each record to the date that the notification is being run. The record
collection is search-based, and does not require a save to occur for the notifications to be
published. All records for an application or questionnaire can potentially be returned for a
record-based notification.
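
Added example (not part of the RSA guide and not RSA Archer code): a small Python model of the Digest capture rules described above, showing that a digest can publish a record version that no longer matches the current filter criteria, which matters when reviewing what data a notification can disclose. The class, method, and field names and the sample records are constructed for illustration.

```python
from copy import deepcopy
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Optional

Record = Dict[str, str]
Filter = Callable[[Record], bool]


@dataclass
class DigestBlueprint:
    """Hypothetical model of one notification blueprint using Digest delivery."""
    criteria: Filter                                  # current filter criteria
    calculated_fields: FrozenSet[str] = frozenset()   # names of calculated fields
    captured: Dict[int, Record] = field(default_factory=dict)

    def on_save(self, record_id: int, before: Optional[Record], after: Record) -> bool:
        """Handle one record save; return True if this version was captured."""
        old = before or {}
        changed = {k for k in old.keys() | after.keys() if old.get(k) != after.get(k)}
        # A save that only updates calculated fields does not trigger a notification.
        # (A save with no changes at all is not covered by the guide; this model
        # simply evaluates it against the filter.)
        if before is not None and changed and changed <= self.calculated_fields:
            return False
        # Only versions that pass the filter are captured. A failing version
        # leaves any earlier captured version of the same record in place.
        if not self.criteria(after):
            return False
        self.captured[record_id] = deepcopy(after)
        return True

    def set_criteria(self, criteria: Filter) -> None:
        """Modify the filter mid-period; already captured versions are kept."""
        self.criteria = criteria

    def publish(self) -> List[Record]:
        """End of period: publish the captured versions and start a new period."""
        digest = [self.captured[i] for i in sorted(self.captured)]
        self.captured = {}
        return digest


def demo() -> List[Record]:
    """Constructed scenario: one digest period for an 'Urgent issues' blueprint."""
    bp = DigestBlueprint(criteria=lambda r: r["Priority"] == "Urgent",
                         calculated_fields=frozenset({"Age"}))

    # Record 1 is added as Urgent, updated, then downgraded to Low.
    v1 = {"Title": "VPN outage", "Priority": "Urgent", "Status": "Open", "Age": "0"}
    bp.on_save(1, None, v1)                 # captured
    v2 = dict(v1, Status="In Progress")
    bp.on_save(1, v1, v2)                   # captured, replaces v1
    v3 = dict(v2, Priority="Low")
    bp.on_save(1, v2, v3)                   # fails the filter, v2 stays captured

    # Record 2 already existed; this save only recalculates Age.
    r2 = {"Title": "Expired cert", "Priority": "Urgent", "Status": "Open", "Age": "3"}
    bp.on_save(2, r2, dict(r2, Age="4"))    # not captured

    # The administrator changes the filter before the period ends.
    bp.set_criteria(lambda r: r["Priority"] == "Critical")
    bp.on_save(3, None, {"Title": "Disk full", "Priority": "Urgent",
                         "Status": "Open", "Age": "0"})  # fails the new filter

    # The digest still carries record 1 as it looked when it last passed.
    return bp.publish()


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```
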

Filter criteria
Filter criteria determine the records that are published in a notification. Only records that meet the
specified filter criteria are included in the notification. A notification is not generated unless all
criteria are satisfied.
For notifications generated from the DDE Generate Notification action, DDE rules determine which
records are included.

Example: Criteria for filtering by a date

Field To Evaluate Operator Value(s)

Date Equals 1/10/2015


Notification blueprint types


You can create a blueprint for each notification type.

Notification Type Description

Record Based Record-based notifications contain dynamic or static content of specified fields
from a record. The following notifications are record based:
• Subscription

• On-Demand

• XML

• DDE

• Workflow

Report Based Report-based notifications contain static content based on the user permissions of
the user who created the notification report template. Report-based notifications
are sent on a required schedule.
These notifications include an embedded report or a link to a report. A link to the
report requires the recipient to have an active RSA Archer GRC user account, and
recipients can only view the records for which they have record permissions.
The report-based notification is called Scheduled Report Distributions.

Data Source Data Source notifications contain data from other data sources. The notifications
for Training and Awareness and Discussion Forums can be generated.

System Admin notifications inform users of important system changes and events that are
not directly related to application content. For example, you can set up a
notification when a password changes, or when a mail merge job succeeds or fails.


Record-Based Notification Blueprint Types

Subscription Notifications

Subscription notifications enable recipients to receive notifications on a set schedule or instantly
when records are added or updated in an application or questionnaire. You can create notification
blueprints for any application or questionnaire for which you are assigned ownership rights. The
Subscription Notification blueprint specifies the rules used to generate a subscription notification.
RSA Archer GRC users can subscribe or unsubscribe to notifications from Email Subscriptions
under the User menu.
Notifications generated from the DDE Generate Notification action are filtered by DDE rules. If
you do not want recipients to unsubscribe from a notification, use the DDE Generate Notification action.

Example: Subscription notification

Scenario A team needs to be alerted each time an urgent issue is added or updated in a custom
application or questionnaire.

Action A user with administrative rights to the custom application or questionnaire creates a
subscription notification blueprint, specifying that a notification is sent to all members
of the team each time a new issue is reported. The filter criteria are defined so that
notifications are sent only when the value Urgent is selected in the Priority field,
thereby limiting the number of notifications that are triggered by the blueprint.

Result A user adds a new issue in the application or questionnaire and selects Urgent in the
Priority field and clicks Save. Everyone on the team receives a notification.

Unique elements of subscription notifications

Subscription Recipients can subscribe or unsubscribe to notifications. Administrators specify one
of the following subscription options in the notification blueprint:
• None: RSA Archer GRC users and specified recipients are not subscribed by
default and can subscribe or unsubscribe to the notification at any time.

• New Users: New users receive notifications by default and can cancel the
subscription at any time.

• All Users: New and existing users receive notifications by default and can
cancel the subscription at any time.


Users can receive notification emails using any email-based device, and select which notifications
they want to receive using the Manage Your Email Subscriptions option in the User Preferences
menu.

On-Demand Notifications

On-Demand notifications are pre-configured notifications that RSA Archer GRC users can send to
anyone with an active email address. Administrators configure the properties of a notification in an
On-Demand notification blueprint.
When RSA Archer GRC users click in the page toolbar on a record, they can make a selection
from a list of available On-Demand notification blueprints.
The following elements are specific to On-Demand notifications.

Recipient By default, the email address of recipients is entered manually. They also have the
option to specify with which addressee type the recipient can be associated, for
example, as CC, BCC, and To.

Delivery On-Demand notifications can only be sent instantly.

Subscription Recipients of On-Demand notifications cannot subscribe or unsubscribe to the
notifications.

Access The access right for an On-Demand notification is specified in the On-Demand
notification blueprint. The following options are available:
• Public: All application or questionnaire users will automatically be granted
unrestricted access to use the notification blueprint.

• Private: Only specified users and groups can access the notification blueprint.

Example: Record-based notification

Scenario Members of the executive team would like to receive the status of remediation plans
periodically. Some of the members have access to RSA Archer GRC Suite, but some
members do not.

Action An RSA Archer GRC user with administrative rights creates an On-Demand notification
blueprint called Remediation Plans. Specific values from a record in a specified
location are placed within the Subject line and Body of the template, including the name
and status of each remediation plan. The email addresses of every member of the
executive team are added as recipients. Email addresses for non-RSA Archer GRC
users are entered manually in the Static field.


Result A user adds new information to a remediation plan that affects other plans. The user
clicks and selects Remediation Plans from a list of blueprints. An email alert is
sent to every member of the executive team with the status of the remediation plans.

XML Notifications Setup

XML notifications are used to transmit information from RSA Archer GRC to an external system or
integration in XML format. Administrators configure the properties of an XML notification in an
XML notification blueprint.
The following elements are specific to XML notifications.

Element Description

Layout Does not apply to XML notifications.

Content Only fields are included within the Subject line and Body of the notifications.

Recipient The email addresses of the recipients are entered manually. Multiple email
addresses are separated by a semicolon. The email addresses specified as recipients
receive all notifications generated by the notification blueprint.

Subscription Recipients cannot subscribe or unsubscribe to the notifications. The subscription
behavior is defined in the notification blueprint.

DDE Generate Notification Action

Notifications can be generated through the DDE Generate Notification action. The Generate
Notification action enables administrators to configure a notification. When a record is added or
updated that meets defined rule conditions, a Generate Notification action is triggered.
The following rules apply to the DDE Generate Notification action.

Recipient RSA Archer GRC users, groups, or recipients specified in a field or Record
Permission fields. Recipients are not specified in the notification blueprint of the
DDE Notification action.

Filter Criteria Fields, operators, and values set by DDE rules.

Subscription Recipients cannot subscribe or unsubscribe from the DDE Generate Notification action.

Example: Record-based notification

Scenario A team needs to be alerted each time an urgent issue is added or updated.


Action A user with administrative rights to the custom application or questionnaire creates a
Generate Notification action, specifying that a notification is sent to all members of the
team each time a new issue is reported. The filter criteria in the DDE rule are defined
so that notifications are sent only when the value "Urgent" is selected in the Priority
field, thereby limiting the number of notifications that are triggered by the notification
blueprint.

Result A user adds a new issue in the application or questionnaire and selects "Urgent" in the
Priority field and then clicks Save. A notification is sent to everyone on the team.

Workflow Notifications

Workflow Notification blueprints enable administrators to configure the workflow process to
automatically send notifications to users and groups that are assigned to a workflow task. A
Workflow Notification blueprint is defined and enabled for each stage of the workflow in Stage
Properties on the Workflow tab.

Elements for workflow notifications

Recipient Any users or groups determined by the Assignment Model for a stage.

Delivery Configured for entrance to any stage in the workflow process, and sent at the end of
that stage.

Subscription Recipients cannot subscribe or unsubscribe to the notifications. The subscription
behavior is defined in the workflow process.

The notifications are sent when a record:

• Is enrolled or moved to a new stage (except the End stage)

• Is manually reassigned by the Application Owner

Example: Record-based notification

Scenario A custom application or questionnaire has a workflow configuration with three
stages: Stage 1, Stage 2, and Stage 3. A Workflow Assignee needs to be alerted each
time a record enters Stage 2 of the workflow.

Action A user with administrative rights creates a custom application or questionnaire with
three Stages and enables Workflow. A Workflow Notification blueprint was created
and enabled for Stage 2.


Result A user promotes a record from Stage 1 to Stage 2. A notification is sent to the
Workflow Assignee as determined by the assignment model for that stage.
The task is promoted to Stage 3, but the Workflow Assignee for Stage 3 rejects the task
and it is sent back to Stage 2. A notification is sent to the Workflow Assignee for Stage
2.

Data Source-Based Notification Blueprint Types

Training and Awareness

The Notification functionality of the Training and Awareness feature in RSA Archer GRC enables
administrators to construct and deliver training and awareness notifications to any users and groups.
Training and awareness notifications are organized as campaigns with one or more events.
Campaigns support the coordination of three event types:
• Presentation: Events allow information to be broadcast to users or groups using email or prompts
at logon. Recipients of presentation events are not required to acknowledge receiving the event or
respond to the content of the event. Presentation events represent a passive form of
communication.

• Acceptance: Events extend presentation events to require action from the recipient. These events
are presented to users or groups as a prompt when they log on to RSA Archer GRC. Users
receiving an acceptance event are required to accept or decline the event.

• Quiz: Events enable administrators to test knowledge of the users. These events are presented to
users as a prompt when they log on to RSA Archer GRC. A quiz event is a method for
determining that a user or group received or accepted a trigger, and that they have a complete
understanding of the required reading.

The following elements are specific to notifications generated from Training and Awareness
Campaigns.

Content Custom text or specified pre-built content from any application or questionnaire to
which a user has ownership rights. The notification content of a Training and
Awareness Campaign event includes a static text introduction, dynamic content
placeholders for a trigger, and a static text closing.

Delivery Acceptance and Quiz events have reminders. Presentation events are sent only once.


Discussion Forums

The notifications from Discussion Forums are subscription-based notifications. RSA Archer GRC
users can subscribe to receive notifications when messages are posted to a forum, posted to a topic,
or posted to a message.
The following elements are specific to notifications generated from Discussion Forums.

Elements Description

Content Letterheads and body layouts are not available.

Delivery Notifications are sent as soon as possible after a trigger occurs.

Recipient Only RSA Archer GRC users can receive notifications from Discussion Forums.

Managing Notification Blueprints


You can delete a notification blueprint or make a notification type inactive.

Delete a notification blueprint

Note: You cannot delete a notification that is used by an advanced workflow.

1. Select the notification type that you want to delete.

a. From the menu bar, click .

b. Under Notifications, select the notification type.

2. Click the row of the notification that you want to delete.

3. Click .

4. Click OK.

Set notification to inactive

1. Go to the General tab of the notification you want to modify.

a. From the menu bar, click .

b. Under Notifications, select the notification type.

c. Select the notification.


d. Click the Content tab.

2. In the Status field, select Inactive.

3. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Activating Notifications
By default, all notifications are inactive.
The Default From Address is required for all instances and all configurations. You configure the
mail server and Default From Address for each instance in the RSA Archer Control Panel.
After configuring notifications in the RSA Archer Control Panel, you must also configure the
application in the instance and the Notifications feature of RSA Archer GRC.

Enable notifications for an application


You can enable or disable notifications for an application. When notifications are enabled, end users
are allowed to receive notifications when content in the application is published or updated.
You can also create a notification. When you create a notification blueprint for an application, end
users can subscribe to that blueprint and receive email alerts when records in the application are
added or updated.

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

2. In the Options section, select the checkbox in the Notifications field.

3. Click Apply.

Configure the default notification settings


These values are used for all notifications and can be overridden for a specific notification blueprint.


1. Go to the Default Notification Settings section of the Manage Global Notification Settings page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

c. Go to the Default Notifications Settings section.

2. In Letterhead, select the default letterhead that you want to use.

3. In Body Layout, click to preview and select the layout you want, and then click OK.

4. In From Address, enter a default email address.

5. In From Alias, enter a default email alias.

6. In Attachment Type, select the default attachment type.

7. Click Save.

Define read receipt rules


Read-receipt functionality enables you to track the receipt of notifications. When return-receipt
functionality is activated, enter the return email address for read-receipts that are requested from
users when they open a notification email. These rules also include settings for the mail server and
user name and password for the return email account.

Important: You must set up an email account on your mail server that receives read receipts from
users who have indicated receipt of notification emails. The mail server on which you create this
account most likely is the same mail server that your organization is using for alert notifications.
After the application pulls read-receipt information from the email account that you define, all
emails are deleted from that account to prevent the account from exceeding its storage limit.

Read receipt rules

Property Description

Status Indicates whether the read-receipt functionality is active or inactive. The Active
status enables you to configure any notification blueprint to request read-receipts
when notifications are sent to the recipients.

Email Address Specifies the email address that receives the return receipts.
Do not use your own email address as the account to receive the return receipt. All
notifications are deleted from the specified email account after the application or
questionnaire retrieves read-receipt information to prevent the account from
exceeding its storage limit. Use a dedicated email address to receive the read
receipts.

Server Name Specifies the server name or IP address of the mail server on which the
return-receipt email account is created.
The Server Name is the same server name or IP address that was used when
configuring the Notifications for the instance.

Protocol Specifies the method that is used to retrieve notifications from the email server.

Port Specifies the number associated with the communication endpoint for the selected
protocol.

User Name Specifies the name of the user who has access to the return-receipt email account.

Password Specifies the password that is required to log on to the return-receipt email account.

Test Connection Verifies that the credentials and connection information entered are correct.
If an error occurs, correct the error and click Test again. Continue this process until
you receive a confirmation message indicating success.

Change the status of the read receipt rules

1. Go to the Manage Letterheads page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

2. In the Read Receipt Properties section, in the Status field, select the applicable status: Active or
Inactive.

3. Click Save.


Define the read receipt rules

1. Go to the Manage Global Notification Settings page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

c. Expand the Read Receipt Properties section.

2. In the Email Address field, enter the email address that receives the messages.

3. In the User Name field, enter the user name that has access to the return-receipt email account.

4. In the Password field, enter the password that is required to log on to the return-receipt email
account.

5. In the Test Connection field, click Test to verify that the credentials and connection information
you have entered are correct.

Note: If the test reports an error, correct the error and click Test again. Continue this process
until you receive a confirmation message indicating success.

6. Click Save.

Update the read receipt rules

1. Go to the Manage Global Notifications Settings page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

2. Expand the Read Receipt Properties section.

3. In the Email Address field, enter the email address that will receive the messages.

4. In the Server Name field, enter the server name or IP address of the mail server on which you
created the return-receipt email account.

5. In the Port field, enter the appropriate port for the selected protocol.

6. From the Protocol list, select the protocol used to retrieve emails from your email server.


7. In the User Name field, enter the user name that has access to the return-receipt email account.

8. In the Password field, enter the password that is required to log on to the return-receipt email
account.

9. In the Test Connection field, click Test to verify that the credentials and connection information
you have entered are correct.
If the test reports an error, correct the error and click Test again. Continue this process until you
receive a confirmation message indicating success.

10. Click Save.

Adding Admin Notifications


Admin notifications inform users of important system changes and events that are not directly related
to application content. For example, you can set up a notification when a password changes or when
a mail merge job succeeds or fails.
You can add any of the following admin notification types:
• Account Data Export Job Failed

• Account Data Export Job Succeeded

• Change User Password

• Datafeed Job Completed

• Globalization Export Job Failed

• Globalization Export Job Succeeded

• Globalization Import Job Failed

• Globalization Import Job Succeeded

• Mail Merge Job Failed

• Mail Merge Job Succeeded

Add an admin notification

1. Go to the Manage Admin Notifications page.

a. From the menu bar, click .


b. From the Notifications list, click Admin Notifications.

2. Click Add New and do one of the following:

• To create a new admin notification, click Create a new Admin Notification from scratch.

• To create an admin notification from an existing one, click Copy an existing Admin
Notification. From the Admin Types list, select the template you want to use.

3. Click OK.

4. In the General Information section, enter the name and description of the notification.

5. In the Template Design section, select the letterhead and body layout that you want to use.
The Preview section displays the options you select.

6. Click the Content tab, and add the content you want to appear in the notification.

a. In the Subject line, enter the text you want to show as the subject of the notification.

Note: You cannot include the following fields in the subject line: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire
Reference, Access History, and History Log.

b. In the Body field, enter the content you want to show in the notification as text or reference
links.

• To enter a field, select the field or template you want for the admin type from the Toolbar
field.

• To enter a report, select the report you want from the Toolbar field.

• To enter a link, select the link you want from the Toolbar field.

7. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding On Demand Notifications


On-Demand notifications are pre-configured notifications that you can send to any active email
address. You configure the rules of a notification in an On-Demand notification blueprint.
Click in the page toolbar on a record to select from a list of available On-Demand notification
blueprints.


Example: On-demand notification

Scenario Members of the executive team want to receive the status of remediation plans
periodically. Not all team members have access to RSA Archer GRC.

Action A user with administrative rights creates an on-demand notification blueprint called
Remediation Plans. Specific values from a record in a specified location are placed
within the Subject line and Body of the template, including the name and status of each
remediation plan. The email addresses of every member of the executive team are
added as recipients. Email addresses for non-RSA Archer GRC users are entered
manually in the Static field.

Result A user adds new information to a remediation plan that affects other plans.
The user clicks and selects Remediation Plans from a list of blueprints. An email
alert is sent to every member of the executive team with the status of the remediation
plans.

Elements of on-demand notifications

Recipient By default, the email address of each recipient is entered manually. Optionally, you
can specify the recipient type CC, BCC, and To.

Delivery On-demand notifications can only be sent instantly.

Subscription Recipients of on-demand notifications cannot subscribe or unsubscribe to the
notifications.

Access The access right for an on-demand notification is specified in the on-demand
notification blueprint. The following options are available:
• Public. All application and questionnaire users will automatically be granted
unrestricted access to use the notification blueprint.

• Private. Only specified users and groups can access the notification blueprint.

Add an on-demand notification

1. Go to the General tab on the Manage On Demand Notification Templates page.

a. From the menu bar, click .

b. From the Notifications list, select On Demand Notification Templates.

2. Click Add New and do one of the following:

• To create a new on-demand notification template, click Create a new On Demand
Notification from scratch.

• To create an on-demand notification template from an existing one, click Copy an existing On
Demand Notification Template, and select the notification you want.

3. In Available Applications, select the application to which you want to link the notification.

4. Click OK.

5. In the General Information section, enter the name of the notification, description, and folder in
which you want to store the notification.

6. In the Template Design section, select the letterhead and body layout that you want to use.

a. In the Letterhead field, click and select the letterhead you want.

b. In the Body Layout field, click to select the layout for the body of the notification, and
click OK.

c. In the Preview field, verify that the layout you selected is the one you want to use.

• If the layout is what you want to use, go to the next step.

• If the layout is not what you want to use, repeat steps b and c.

7. Click the Content tab and add the content you want to appear in the notification.

a. In the Subject line, enter the text you want to show as the subject of the notification.

Note: You cannot include the following fields in the subject line: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire
Reference, Access History, and History Log.

b. In the Body field, enter the content you want to show in the notification as text or reference
links.

• To enter a field, select the field or template you want for the admin type from the Toolbar
field.

• To enter a report, select the report you want from the Toolbar field.

• To enter a link, select the link you want from the Toolbar field.

8. Click the Delivery tab and go to the Email Recipient Options section.


9. In the Send Each Notification As field, specify whether to send separate email notifications or
one email notification.
You can set email recipient options to determine whether you want to send a separate notification
email to more than one recipient or send one email to multiple recipients.

Property Description

Send Each Notification As
• Separate Emails - Sends a separate email to one or more recipients.
Addressees receive an email that has been customized for permissions,
culture, time zone, and locale. This option allows you to use only the To field
for recipient email addresses.

• One Email - Sends an identical email to multiple recipients. The email is
primarily intended for a limited number of recipients and is not customized for
permissions, culture, time zone and locale. If there is no content in the
notification that all recipients have permission to view, the notification is not
sent.
This option allows you to use the To, Cc, and Bcc fields for recipient email
addresses. The maximum allowable number of recipients for this option,
expressed as a total from all three addressee fields, is determined in the
RSA Archer Control Panel.

10. In the Recipients section, enter the list of users or groups who will receive this notification.
Recipients can be a dynamic or static list based on the notification type. A dynamic list is based
on the values of a Users and Groups list and record permissions or an email address stored in a
field.
Do the following for To, CC, and BCC:

a. (Optional) In Dynamic, do one or more of the following:

• Expand the Groups tree and select the groups you want to receive the notification.

• Expand the Users tree and select the users you want to receive the notification.

• Expand the Fields tree and select the fields that contain the dynamic recipient based on
record permissions or email address.

b. Click OK.

c. (Optional) In Static, enter email addresses of the recipients you want to receive the
notification. When entering more than one email address, use a semi-colon to separate the
email addresses of recipients.

11. Click the Access tab and specify whether the notification is public or private.
In the Access section, select whether the notification is available to everyone or specified users
and groups.

• To grant unrestricted access, select Public.

• To grant specific rights to selected users and groups, select Private.

In the Available section, do one or more of the following:

• Expand the Groups tree and select the groups you want to receive the notification.

• Expand the Users tree and select the users you want to receive the notification.

12. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Scheduled Report Distributions


Use scheduled report distributions to schedule notifications with attached reports or links to reports.
The content of an attached report is based on the record permissions of the user who creates the
report.
When a scheduled report distribution includes a link to a report, user account privileges are
enforced. Recipients of these notifications can only view data in the report to which they have view
privileges.

Important: Scheduled report distributions are different from scheduled email alerts with embedded
reports or links to reports. You can schedule email alerts that contain embedded reports or links to
reports. The records and fields displayed in the scheduled report distribution are based on the access
restrictions of the user who creates the notification. This may result in someone receiving an
embedded report who is otherwise restricted from certain data.

Example 1: Attached report

Scenario: An RSA Archer GRC user wants to send a weekly report to managers for feedback.

Action: A user with administrative rights creates a Scheduled Report Distributions notification.
The report is included as an attachment in the Body of the template. The notification is
scheduled to be sent weekly to managers.

Result: Once a week, a notification with an attached report is sent to managers. The report
contains the information based on the record permissions of the user instead of the
managers.

Example 2: Linked to a report

Scenario: An RSA Archer GRC user wants to send a weekly report to colleagues for feedback.

Action: A user with administrative rights creates a Scheduled Report Distributions notification.
A link to the report is included in the Body of the template. The notification is
scheduled to be sent weekly to a group of colleagues.

Result: Once a week, a notification with a link to the report is sent to the group of colleagues.
A recipient clicks on the link to view the report that contains information based on the
record permissions of the recipient.

Elements for scheduled report distributions

Element | Description

Layout | Table body layout is not available. All free-form body layouts can be used for
    report-based notifications.

Content | Only links and attached reports are available. Information in the attached report is
    based on the record permissions of the RSA Archer GRC user who creates the report. If the
    report creator has permission to private fields, all reports sent through the distribution
    will include the data of the private fields, even if the recipient does not have access to
    the fields.

Recipient | Recipients must have active RSA Archer GRC user accounts.

Delivery | Notifications are sent on a set schedule: daily, weekly, monthly, or quarterly.

Subscription | Recipients cannot unsubscribe to a Scheduled Report Distribution notification.
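
The permission rule in the Content element, modelled as an added example (not RSA Archer code and not its API): an attached report is rendered with the creator's permissions and a linked report with each recipient's, so only the attached form can deliver fields a recipient cannot otherwise view. The user names, field names, and the per-user field-access map are constructed for illustration.

```python
"""Review model for scheduled report distributions (constructed data, not Archer's API)."""
from dataclasses import dataclass

ATTACHMENT, LINK = "attachment", "link"


@dataclass(frozen=True)
class Distribution:
    name: str
    creator: str              # user who created the report
    delivery: str             # ATTACHMENT or LINK
    report_fields: frozenset  # fields the report selects
    recipients: tuple


def delivered_fields(dist, recipient, access):
    """Fields of the report that `recipient` ends up seeing.

    Attached report: content follows the creator's permissions.
    Linked report: content follows the permissions of whoever opens the link.
    """
    if dist.delivery == ATTACHMENT:
        viewer = dist.creator
    elif dist.delivery == LINK:
        viewer = recipient
    else:
        raise ValueError(f"unknown delivery mode: {dist.delivery!r}")
    return dist.report_fields & access.get(viewer, frozenset())


def overexposure(dist, access):
    """Map each recipient to the delivered fields they have no permission to view."""
    findings = {}
    for recipient in dist.recipients:
        allowed = access.get(recipient, frozenset())
        excess = delivered_fields(dist, recipient, access) - allowed
        if excess:
            findings[recipient] = sorted(excess)
    return findings


def audit(distributions, access):
    """Return only the distributions that deliver data beyond a recipient's access."""
    report = {}
    for dist in distributions:
        findings = overexposure(dist, access)
        if findings:
            report[dist.name] = findings
    return report


# Constructed sample: which fields each user is permitted to view.
FIELD_ACCESS = {
    "admin_alice": frozenset({"Title", "Owner", "Risk Rating", "Remediation Cost"}),
    "mgr_bob": frozenset({"Title", "Owner", "Risk Rating"}),
    "mgr_carol": frozenset({"Title", "Owner"}),
}
REPORT_FIELDS = frozenset({"Title", "Owner", "Risk Rating", "Remediation Cost"})

# Constructed sample: the same weekly report sent both ways.
DISTRIBUTIONS = [
    Distribution("Weekly risk report (attached)", "admin_alice", ATTACHMENT,
                 REPORT_FIELDS, ("mgr_bob", "mgr_carol")),
    Distribution("Weekly risk report (linked)", "admin_alice", LINK,
                 REPORT_FIELDS, ("mgr_bob", "mgr_carol")),
]

if __name__ == "__main__":
    for name, findings in audit(DISTRIBUTIONS, FIELD_ACCESS).items():
        for recipient, fields in findings.items():
            print(f"{name}: {recipient} receives restricted fields {fields}")
```

Only the attached distribution is flagged; the linked one delivers nothing beyond what each recipient can already view.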

Add a scheduled report distribution

1. Go to the General tab of the Manage Scheduled Report Distributions page.

a. From the menu bar, click .

b. From the Notifications list, click Scheduled Report Distributions.

2. Click Add New and do one of the following:

• To create a new scheduled report distribution, click Create a new Scheduled Report
Distribution from scratch.

• To create a scheduled report distribution from an existing one, click Copy an existing
Scheduled Report Distribution, and select the notification you want.

3. Click OK.

4. In the General Information section, enter the name of the notification, description, and folder in
which you want to store the notification.

5. In the Template Design section, select the letterhead and body layout you want.

a. In the Letterhead field, click and select the letterhead you want.

b. In the Body Layout field, click to select the layout for the body of the notification, and
click OK.

c. In the Preview field, verify that the layout you selected is the one you want to use.

• If the layout is what you want to use, go to the next step.

• If the layout is not what you want to use, repeat steps b and c.

6. Click the Content tab and specify the reports and attachment type for embedding the report in this
notification.

• In the Reports field, select the report or reports that you want to embed in the email
distribution and click OK.

• In the Attachment Type field, select the format of the report or reports.

7. In the Template Design section, select the subject and content for the notification.

a. In the Subject line, enter the text you want to show as the subject of the notification.

Note: You cannot include the following fields in the subject line: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire
Reference, Access History, and History Log.

b. In the Body field, enter the content you want to show in the notification as text or reference
links.

• To enter a field, select the field or template you want for the admin type from the Toolbar
field.

• To enter a report, select the report you want from the Toolbar field.

• To enter a link, select the link you want from the Toolbar field.

8. Click the Delivery tab and enter the email properties for this notification.

a. In From Address field, enter the email address from which this notification will be sent.

b. (Optional) In the Alias Field, enter the name you want to use as the sender for the email from
address.

c. (Optional) In the Importance field, select the status you want to associate to this
email: Normal, High, Low.

d. (Optional) In Read Receipt, select whether an acknowledgment is sent after the notification
is opened by the recipient.

• If you want to receive acknowledgment, select Enable Return Receipt.

• If you do not want to receive acknowledgment, select Disable Return Receipt, the
default selection.

9. In the Delivery Schedule section, define the frequency and its values for sending this
notification.

a. In the Frequency field, select the period in which you want to send the notification. Your
selection determines what you do next.

b. Enter the applicable values for the frequency you selected.

Note: Instantly and Reminder are not available for Scheduled Report Distributions.

Frequency | Action

Instantly | Go to the next step.

Daily | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Weekly | a. In Day, select the day of the week that you want to send the notification.
    b. In Time, set the time that you want to send the notification.
    c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Monthly | a. In Day, select the day of the month (1 through 31) that you want to send the
    notification. Because not all months have 31 days, you might want to consider 28 or before.
    b. In Time, set the time that you want to send the notification.
    c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Quarterly | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.
    Note: A quarterly notification is sent on the first day of January, April, July, and October.

Reminder | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.
    c. In Criteria, do the following:
        i. In Field, select the date field to be used for evaluating the filtering condition.
        ii. In Operator, select the applicable operator, Equals, Does Not Equal, Less Than, or
        Greater Than.
        iii. In Day, select the number of days on which to evaluate the occurrence.
        iv. In Target, select After Date or Before Date.
    d. (Optional) To add another condition, click Add New and repeat the steps for adding
    criteria.
    e. (Optional) To delete a criteria row, click .

10. In the Email Recipient Options section, specify whether to send separate or one email
notification.
You can set email recipient options to determine whether you want to send a separate notification
email to more than one recipient or send one email to multiple recipients.

Property | Description

Send Each Notification As | • Separate Emails - Sends a separate email to one or more recipients.
    Addressees receive an email that has been customized for permissions, culture, time zone,
    and locale. This option allows you to use only the To field for recipient email addresses.

    • One Email - Sends an identical email to multiple recipients. The email is primarily
    intended for a limited number of recipients and is not customized for permissions, culture,
    time zone and locale. If there is no content in the notification that all recipients have
    permission to view, the notification is not sent.
    This option allows you to use the To, Cc, and Bcc fields for recipient email addresses. The
    maximum allowable number of recipients for this option, expressed as a total from all three
    addressee fields, is determined in the RSA Archer Control Panel.

11. In the Recipients section, enter the list of users or groups who will receive this notification.
Recipients can be a dynamic or static list based on the notification type. A dynamic list is based
on the values of a Users and Groups list and record permissions or an email address stored in a
field.
Do the following for To, CC, and BCC:

a. (Optional) In Dynamic, do one or more of the following:

• Expand the Groups tree and select the groups you want to receive the notification.

• Expand the Users tree and select the users you want to receive the notification.

• Expand the Fields tree and select the fields that contain the dynamic recipient based on
record permissions or email address.

b. Click OK.

c. (Optional) In Static, enter email addresses of the recipients you want to receive the
notification. When entering more than one email address, use a semi-colon to separate the
email addresses of recipients.

12. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Subscription Notifications


Subscription notifications enable subscribers to receive email alerts on a set schedule or instantly
when records are added or updated in an application or questionnaire. Administrators can create
notification blueprints for any application to which they have ownership rights. The rules for a
subscription notification are captured in a notification blueprint, the triggering mechanism for alert
emails.
For example, you can create a notification blueprint, specifying that an alert email is sent to all
members of the Risk Response team each time a new issue is reported. You can apply filters to this
blueprint so that email messages are sent only when the values Urgent and High are selected in the
Priority field. By applying filters, you can limit the number of alert emails that are triggered by the
blueprint.
Users select which notifications to receive using the Manage Your Email Subscriptions option in the
User Preferences menu. They can receive notification emails using any email-based device.

Add a subscription notification

1. Go to the General tab of the Subscription Notifications page.

a. From the menu bar, click .

b. From the Notifications list, click Subscription Notifications.

2. Click Add New and do one of the following:

• To create a new subscription notification, click Create a new Subscription Notification from
scratch.

• To create a subscription notification from an existing one, click Copy an existing Subscription
Notification, and select the notification you want.

3. Click OK.

4. In the General Information section, enter the name of the notification, description, and folder in
which you want to store the notification.

5. In the Template Design section, select the letterhead and body layout you want.

a. In the Letterhead field, click and select the letterhead you want.

b. In the Body Layout field, click to select the layout for the body of the notification, and
click OK.

c. In the Preview field, verify that the layout you selected is the one you want to use.

• If the layout is what you want to use, go to the next step.

• If the layout is not what you want to use, repeat steps b and c.

6. Click the Content tab and add the content you want to appear in the notification.

a. In the Subject line, enter the text you want to show as the subject of the notification.

Note: You cannot include the following fields in the subject line: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire
Reference, Access History, and History Log.

b. In the Body field, enter the content you want to show in the notification as text or reference
links.

• To enter a field, select the field or template you want for the admin type from the Toolbar
field.

• To enter a report, select the report you want from the Toolbar field.

• To enter a link, select the link you want from the Toolbar field.

7. Click the Delivery tab and in the Email Properties section, do the following:

a. In From Address field, enter the email address from which this notification will be sent.

b. (Optional) In the Alias Field, enter the name you want to use as the sender for the email from
address.

c. (Optional) In the Importance field, select the status you want to associate to this
email: Normal, High, Low.

d. (Optional) In Read Receipt, select whether an acknowledgment is sent after the notification
is opened by the recipient.

• If you want to receive acknowledgment, select Enable Return Receipt.

• If you do not want to receive acknowledgment, select Disable Return Receipt, the
default selection.

8. In the Delivery Schedule section, define the frequency and its values for sending this
notification.

a. In the Frequency field, select the period in which you want to send the notification. Your
selection determines what you do next.

b. Enter the applicable values for the frequency you selected.

Note: Instantly and Reminder are not available for Scheduled Report Distributions.

Frequency | Action

Instantly | Go to the next step.

Daily | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Weekly | a. In Day, select the day of the week that you want to send the notification.
    b. In Time, set the time that you want to send the notification.
    c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Monthly | a. In Day, select the day of the month (1 through 31) that you want to send the
    notification. Because not all months have 31 days, you might want to consider 28 or before.
    b. In Time, set the time that you want to send the notification.
    c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Quarterly | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.
    Note: A quarterly notification is sent on the first day of January, April, July, and October.

Reminder | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.
    c. In Criteria, do the following:
        i. In Field, select the date field to be used for evaluating the filtering condition.
        ii. In Operator, select the applicable operator, Equals, Does Not Equal, Less Than, or
        Greater Than.
        iii. In Day, select the number of days on which to evaluate the occurrence.
        iv. In Target, select After Date or Before Date.
    d. (Optional) To add another condition, click Add New and repeat the steps for adding
    criteria.
    e. (Optional) To delete a criteria row, click .

9. In the Subscriptions section, click the type for the default subscriber.
Select the subscriber type:

Subscriber Type | Description

None | Users are not subscribed by default. Users can subscribe and cancel at any time.

New Users | New users receive notifications by default, but they can cancel the subscription at
    any time.

All Users | New and existing users receive notifications by default, but they can cancel the
    subscription at any time.

Required | New and existing users receive notifications by default, but they cannot cancel the
    subscription.

10. In the Email Recipient Options section, specify whether to send separate or one email
notification.

You can set email recipient options to determine whether you want to send a separate notification
email to more than one recipient or send one email to multiple recipients.

Property | Description

Send Each Notification As | • Separate Emails - Sends a separate email to one or more recipients.
    Addressees receive an email that has been customized for permissions, culture, time zone,
    and locale. This option allows you to use only the To field for recipient email addresses.

    • One Email - Sends an identical email to multiple recipients. The email is primarily
    intended for a limited number of recipients and is not customized for permissions, culture,
    time zone and locale. If there is no content in the notification that all recipients have
    permission to view, the notification is not sent.
    This option allows you to use the To, Cc, and Bcc fields for recipient email addresses. The
    maximum allowable number of recipients for this option, expressed as a total from all three
    addressee fields, is determined in the RSA Archer Control Panel.

11. In the Recipients section, enter the list of users or groups who will receive this notification.
Recipients can be a dynamic or static list based on the notification type. A dynamic list is based
on the values of a Users and Groups list and record permissions or an email address stored in a
field.
Do the following for To, CC, and BCC:

a. (Optional) In Dynamic, do one or more of the following:

• Expand the Groups tree and select the groups you want to receive the notification.

• Expand the Users tree and select the users you want to receive the notification.

• Expand the Fields tree and select the fields that contain the dynamic recipient based on
record permissions or email address.

b. Click OK.

c. (Optional) In Static, enter email addresses of the recipients you want to receive the
notification. When entering more than one email address, use a semi-colon to separate the
email addresses of recipients.

12. Click the Filter Criteria tab, enter the filters that you want to apply to this notification.
Only the records that match the specified criteria trigger a notification to generate.

a. In the Field to Evaluate field, select the field on which the evaluation is based.

b. In the Operator field, select the applicable operator for evaluating the values.

c. In Value(s), select the applicable values based on the field specified and click OK.

d. (Optional) To add a row for additional criteria, click Add New, and then repeat steps a – c.

e. (Optional) To add advanced operator logic, in the Advanced Operator Logic field, enter the
expression.

13. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding XML Notifications


XML notifications are used to transmit information from RSA Archer GRC to an external system or
integration in XML format. You configure the rules of an XML notification in an XML notification
blueprint.

Example

Scenario: The Devices Vulnerability system of the IT team needs to be automatically notified
when a new vulnerability is added to correctly update user interface displays.

Action: A user with administrative rights creates an XML notification blueprint. Specific fields
are selected to be in the Subject line and Body of the template. The delivery frequency
is Instantly, and the recipient is the email address of the Devices Vulnerability system.
The filter criteria is "Vulnerability" in the Text field.

Result: Every time a new vulnerability is imported into RSA Archer GRC, a notification is sent
to the Devices Vulnerability system in an XML format.

Elements for XML notifications

Element | Description

Layout | Does not apply to XML notifications.

Content | Only fields are included within the Subject line and Body of the notifications.

Recipient | The email addresses of the recipients are entered manually. Multiple email
    addresses are separated by a semicolon. The email addresses specified as recipients
    receive all notifications generated by the notification blueprint.

Subscription | Recipients cannot subscribe or unsubscribe to the notifications. The subscription
    behavior is defined in the notification blueprint.

Add an XML notification

1. Go to the General tab on the Manage XML Notifications page.

a. From the menu bar, click .

b. From the Notifications list, click XML Notifications.

2. Click Add New and do one of the following:

• To create a new XML notification, click Create a new XML Notification from scratch.

• To create an XML notification from an existing one, click Copy an existing XML
Notification, and select the notification you want.

3. Click OK.

4. In the General Information section, enter the name of the notification, description, and folder in
which you want to store the notification.

5. Click the Content tab and add the content you want to appear in the notification.

a. In the Subject line, enter the text or field you want to include as the subject of this
notification.

Note: You cannot include the following fields in the subject line: Attachment, Cross-
Application Status Tracking, Image, Record Permissions, Sub-Form, Questionnaire
Reference, Access History, and History Log.

b. In the Body field, select the fields you want to include in this notification.

6. Click the Delivery tab and enter the email properties for this notification.

a. In From Address field, enter the email address from which this notification will be sent.

b. (Optional) In the Alias Field, enter the name you want to use as the sender for the email from
address.

c. (Optional) In the Importance field, select the status you want to associate to this
email: Normal, High, Low.

d. (Optional) In Read Receipt, select whether an acknowledgment is sent after the notification
is opened by the recipient.

• If you want to receive acknowledgment, select Enable Return Receipt.

• If you do not want to receive acknowledgment, select Disable Return Receipt, the
default selection.

7. In the Delivery Schedule section, define the frequency and its values for sending this
notification.

a. In the Frequency field, select the period in which you want to send the notification. Your
selection determines what you do next.

b. Enter the applicable values for the frequency you selected.

Note: Instantly and Reminder are not available for Scheduled Report Distributions.

Frequency | Action

Instantly | Go to the next step.

Daily | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Weekly | a. In Day, select the day of the week that you want to send the notification.
    b. In Time, set the time that you want to send the notification.
    c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Monthly | a. In Day, select the day of the month (1 through 31) that you want to send the
    notification. Because not all months have 31 days, you might want to consider 28 or before.
    b. In Time, set the time that you want to send the notification.
    c. In Time Zone, select the Coordinated Universal Time (UTC) time zone.

Quarterly | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.
    Note: A quarterly notification is sent on the first day of January, April, July, and October.

Reminder | a. In Time, set the time that you want to send the notification.
    b. In Time Zone, select the Coordinated Universal Time (UTC) time zone.
    c. In Criteria, do the following:
        i. In Field, select the date field to be used for evaluating the filtering condition.
        ii. In Operator, select the applicable operator, Equals, Does Not Equal, Less Than, or
        Greater Than.
        iii. In Day, select the number of days on which to evaluate the occurrence.
        iv. In Target, select After Date or Before Date.
    d. (Optional) To add another condition, click Add New and repeat the steps for adding
    criteria.
    e. (Optional) To delete a criteria row, click .

8. In the Recipients section, enter the list of users or groups who will receive this notification.
Recipients can be a dynamic or static list based on the notification type. A dynamic list is based
on the values of a Users and Groups list and record permissions or an email address stored in a
field.
Do the following for To, CC, and BCC:

a. (Optional) In Dynamic, do one or more of the following:

• Expand the Groups tree and select the groups you want to receive the notification.

• Expand the Users tree and select the users you want to receive the notification.

• Expand the Fields tree and select the fields that contain the dynamic recipient based on
record permissions or email address.

b. Click OK.

c. (Optional) In Static, enter email addresses of the recipients you want to receive the
notification. When entering more than one email address, use a semi-colon to separate the
email addresses of recipients.

9. Click the Filter Criteria tab, enter the filters that you want to apply to this notification.
Only the records that match the specified criteria trigger a notification to generate.

a. In the Field to Evaluate field, select the field on which the evaluation is based.

b. In the Operator field, select the applicable operator for evaluating the values.

c. In Value(s), select the applicable values based on the field specified and click OK.

d. (Optional) To add a row for additional criteria, click Add New, and then repeat steps a – c.

e. (Optional) To add advanced operator logic, in the Advanced Operator Logic field, enter the
expression.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Configuring Default Notification Settings


The default notification settings determine the default options and values across all notification
blueprints of an instance. You can designate a default letterhead, body layout, from address, alias,
and attachment types. You can override these default values in the individual notification blueprints.

Settings | Description

Letterhead | Specifies the default letterhead. The right column displays a preview of the
    selected letterhead.
    XML Notifications do not contain letterheads.

Body Layout | Specifies the default layout of the body, including the arrangement of the data.
    The Table body layout arranges the content in a structured format. All other body layouts
    are free-form layouts, and you can arrange content anywhere in the body.

From Address | Specifies the default email address from which to send notifications. The Default
    From Address established for the instance is used if this one is not provided.

From Alias | Specifies the default email alias for the From Address.

Attachment Type | Specifies the default attachment type. The following types are available:
    • Adobe PDF
    • CSV
    • HTML File
    • Microsoft Excel
    • Microsoft Word
    • XML File

Configure the default notification settings

1. Go to the Default Notification Settings section of the Manage Global Notification Settings page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

c. Go to the Default Notifications Settings section.

2. In Letterhead, select the default letterhead that you want to use.

3. In Body Layout, click Select.

4. Preview and select the layout you want, and then click OK.

5. In From Address, enter a default email address.

6. In From Alias, enter a default email alias.

7. In Attachment Type, select the default attachment type.

8. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Configuring Global Notification Settings


Global notification settings define the default values for notification templates and control read-
receipt functionality, which allows RSA Archer GRC to track the receipt of email notifications. The
default settings are overridden by the settings of the individual notifications.

Before you begin:


• Define the letterhead templates for the notification blueprints (not required for XML notification
blueprints).

• Define the user accounts for RSA Archer GRC.

Use the Manage Global Notification Settings page to configure the default global values.
• Configuring Default Settings

• Defining Read Receipt Rules

Defining Letterhead Templates


Letterhead templates define the page, header, body, and footer properties used in a notification. A
letterhead is not a required element of a notification blueprint, and does not apply to notifications
sent in XML format. A default letterhead is specified in Global Notification Settings, but the
selection can be overridden in the individual notification blueprint.

Letterhead properties

Property | Description

Name | Specifies the name of the letterhead. The name of each letterhead must be unique
    across the instance.

Status | Enables the letterhead to be used in notifications. To prevent the letterhead from
    being used, select Inactive.

Description | Specifies information about the letterhead.

Page | Specifies the entire page background color and border settings, including the line
    height.

Header | Specifies the header background color and border settings, including the line height.

Chapter 13: Using Communication Tools 706


RSA Archer GRC Administrator Guide

Property Description

Body Specifies the body background color and border settings, including the line height.

Footer Specifies the footer background color and border settings, including the line height.

Add a letterhead template

1. Go to the Manage Letterheads page.

a. From the menu bar, click .

b. Under Notifications, click Letterheads.

2. Click Add New.

3. Do one of the following:

• To select new settings for the letterhead, click Create a new Letterhead from scratch.

• To use the settings of an existing letterhead, do the following:

a. Click Copy an existing Letterhead.

b. Select the existing letterhead from the Available Letterheads list.

4. Click OK.

5. In the General Information section, enter the name of the letterhead template and description.

6. Click the Layout tab.

7. In the Toolbar field, click the applicable tab for the properties you want to define.

8. In Fill Properties, do one or more of the following:

Property | Action
Background Fill | Do one of the following:
    • To specify no fill, click No Fill.
    • To specify a background fill, click Solid Fill.
Background Color | If you selected Solid Fill, specify the color for the background of the body. To choose a background color, do one of the following:
    • Enter the HTML code in the space provided, for example #FFFFFF.
    • Click to select a color from the color picker.

9. In Border Settings, do the following:

Property | Action
Line Color | Specify the color of the body border. To choose a color, do one of the following:
    • Enter the HTML code in the space provided, for example #FFFFFF.
    • Click to select a color from the color picker.
Line Height | Click the arrows to set the width in pixels of the border. If you prefer no border, set the value at zero (0).

10. Click OK.

11. Do one of the following:

• If you are not defining the body or page properties, go to step 7.

• If you are defining footer or header properties, use the Rich Text Editor toolbar to change the
appearance of the text, add an image, or edit the HTML.

12. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Delete a letterhead template

1. Go to the Manage Letterheads page.

a. From the menu bar, click .

b. Under Notifications, click Letterheads.

2. Click the row of the letterhead that you want to delete.

3. Click .


4. Click OK.

Set a letterhead template to inactive

1. Go to the General tab of the letterhead you want to set to inactive.

a. From the menu bar, click .

b. Under Notifications, click Letterheads.

c. Select the letterhead.

d. Click the General tab.

2. In the Status field, select Inactive.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Defining Read Receipt Rules


Read receipt properties enable or disable the return-receipt functionality and specify the supporting
properties, such as the email address that receives the return receipt. This allows you to know if
your users are receiving their notifications.

Define the read receipt properties

1. Go to the Manage Read Receipt Properties section on the Manage Global Notification Settings
page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

c. Expand the Read Receipt Properties section.

2. In the Email Address field, enter the email address that receives the messages.

3. In the User Name field, enter the user name that has access to the return-receipt email account.

4. In the Password field, enter the password that is required to log on to the return-receipt email
account.


5. In the Test Connection field, click Test to verify that the credentials and connection information
you have entered are correct.

Note: If the test reports an error, correct the error and click Test again. Continue this process
until you receive a confirmation message indicating success.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Change the status of the read receipt properties

1. Go to the Read Receipt Properties section on the Manage Global Notification Settings page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

2. In the Read Receipt Properties section, in the Status field, select the applicable status: Active or
Inactive.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Update the read receipt properties

1. Go to the Manage Global Notification Settings page.

a. From the menu bar, click .

b. Under Notifications, click Global Notification Settings.

2. Expand the Read Receipt Properties section.

3. In the Email Address field, enter the email address that will receive the messages.

4. In the Server Name field, enter the server name or IP address of the mail server on which you
created the return-receipt email account.

5. In the Port field, enter the appropriate port for the selected protocol.


6. From the Protocol list, select the protocol used to retrieve emails from your email server.

7. In the User Name field, enter the user name that has access to the return-receipt email account.

8. In the Password field, enter the password that is required to log on to the return-receipt email
account.

9. In the Test Connection field, click Test to verify that the credentials and connection information
you have entered are correct.

Note: If the test reports an error, correct the error and click Test again. Continue this process
until you receive a confirmation message indicating success.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Troubleshooting Notifications

Determine point of failure


Problem: Notifications are not being sent or received.

Cause | Solution
The Notifications feature is not enabled in the application, questionnaire, or workflow. | Configure Notifications in the application, questionnaire, or workflow. Enable Notifications on the General tab of the applicable application or questionnaire in Application Builder. Ensure the notification blueprint is active.
The job engine is not running in the Windows Services. | Start the Job Engine in the Windows Services.
The Notifications feature is not configured properly in the RSA Archer Control Panel. | Configure Notifications in the RSA Archer Control Panel.
The wrong type of notification blueprint is used for the triggering data. | Ensure you are using the correct type of notification blueprints for the data that is being triggered. Updates to records trigger subscription notifications. You can update records manually or through a data feed. Reminder notifications are based on specific criteria. All criteria must be met to trigger a notification.
The record in the data feed does not trigger the notifications. | Ensure the data feed is configured for sending notifications. Select Send Notifications in the Additional Properties of the data feed. DDE Generate Notification action and On-Demand notifications are not triggered from data feed. Use Subscription Notifications in a data feed so that data is accessible on the schedule of the notifications. Reminder notifications are based on specific criteria. All criteria must be met to trigger a notification.
The notification jobs are not prioritized properly. | Set the job priority in the Job Engine Manager. For more information, see "Set Filters" in the RSA Archer Control Panel Help.
There are many jobs ahead of the notification job types. | Change the priority of the SendNotificationJob or SendMessagesJob notification job types.

Problem: The user cannot view the record.

Cause | Solution
The user does not have permissions to view the record. | Check the Access Roles of the user to ensure that the user has access rights to the application or questionnaire of that record. Ensure that the user has access rights to view that record, including Cross-Reference fields and related records.

Troubleshooting filter criteria for reminder notifications


Filter criteria can be defined in the delivery schedule of a reminder for the following notifications:
• Subscription notification

• XML notification

• DDE Generate Notification action

Records do not have to be saved or updated to send a reminder notification. Records are evaluated at
the specified time according to the delivery schedule. The reminder notification is sent when a
record meets all the defined filter criteria.
The following scenarios provide the filter criteria for sending reminder notifications before the
current date and after the current date.

Filter criteria before the current date

Scenario 1: Notification is evaluated and sent every day for all records where "Date Field 1" is more
than 1 day before the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Greater Than | 1 | Daily | Before Date

Scenario 2: Notification is evaluated and sent every day for all records where "Date Field 1" is less
than 999 days before the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Less Than | 999 | Daily | Before Date

Scenario 3: Notification is evaluated and sent only once for all records where "Date Field 1" is 1 day
before the current date. The Occurrence is defined as Once because the Target date cannot be
continually equal to the number of days before the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Equals | 1 | Once | Before Date

Scenario 4: Notification is evaluated and sent only once for all records where "Date Field 1" is 999
days before the current date. The Occurrence is defined as Once because the Target date cannot be
continually equal to the number of days before the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Equals | 999 | Once | Before Date


Filter criteria after the current date

Scenario 1: Notification is evaluated and sent every day for all records where "Date Field 1" is
greater than 1 day after the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Greater Than | 1 | Daily | After Date

Scenario 2: Notification is evaluated and sent every day for all records where "Date Field 1" is less
than 999 days after the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Less Than | 999 | Daily | After Date

Scenario 3: Notification is evaluated and sent only once for all records where "Date Field 1" is equal
to 1 day after the current date. The Occurrence is defined as Once because the Target date cannot
be continually equal to a number of days after the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Equal To | 1 | Once | After Date

Scenario 4: Notification is evaluated and sent only once for all records where "Date Field 1" is equal
to 999 days after the current date. The Occurrence is defined as Once because the Target date
cannot be continually equal to a number of days after the current date.

Field | Operator | Days | Occurrence | Target
Date Field 1 | Equal To | 999 | Once | After Date
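The scenarios above can be replayed with a short Python sketch, added here as an illustration and not taken from RSA Archer. The function names, the constructed sample dates, and the rule that a date on the other side of today never matches are assumptions. The sketch shows why an equality filter matches on exactly one evaluation day, so one missed evaluation run loses the reminder.

```python
from datetime import date, timedelta

# Operator names as they appear in the scenario tables above.
OPERATORS = {
    "Greater Than": lambda n, days: n > days,
    "Less Than": lambda n, days: n < days,
    "Equals": lambda n, days: n == days,
    "Equal To": lambda n, days: n == days,
}


def days_from_today(field_value, today, target):
    """Days between the record's date and the evaluation date,
    measured in the direction named by Target."""
    if target == "Before Date":
        return (today - field_value).days
    if target == "After Date":
        return (field_value - today).days
    raise ValueError(f"unknown target: {target!r}")


def record_matches(field_value, today, operator, days, target):
    """True if the record meets the filter on this evaluation date."""
    n = days_from_today(field_value, today, target)
    if n < 0:
        # Assumption: a date on the other side of today never matches.
        return False
    return OPERATORS[operator](n, days)


def send_days(field_value, first_run, runs, operator, days, occurrence,
              target, skipped=()):
    """Dates on which a reminder would go out over `runs` daily evaluations.
    `skipped` holds dates on which the evaluation did not run."""
    sent = []
    for i in range(runs):
        today = first_run + timedelta(days=i)
        if today in skipped:
            continue
        if occurrence == "Once" and sent:
            break  # a Once reminder is not repeated for the same record
        if record_matches(field_value, today, operator, days, target):
            sent.append(today)
    return sent


# Constructed sample: one record and a week of daily evaluations.
DATE_FIELD_1 = date(2024, 3, 10)
FIRST_RUN = date(2024, 3, 8)
RUNS = 7


def demo():
    """Replay the scenario types against the constructed record."""
    def run(op, days, occ, target, skipped=()):
        hits = send_days(DATE_FIELD_1, FIRST_RUN, RUNS, op, days, occ,
                         target, skipped)
        return [d.isoformat() for d in hits]

    return {
        "before_gt1_daily": run("Greater Than", 1, "Daily", "Before Date"),
        "before_eq1_once": run("Equals", 1, "Once", "Before Date"),
        "before_eq1_once_missed_run": run(
            "Equals", 1, "Once", "Before Date",
            skipped={date(2024, 3, 11)}),
        "after_gt1_daily": run("Greater Than", 1, "Daily", "After Date"),
        "after_eq1_once": run("Equal To", 1, "Once", "After Date"),
    }


if __name__ == "__main__":
    for name, days_sent in demo().items():
        print(f"{name}: {days_sent}")
```

When a reminder with an equality filter never arrives, check whether the evaluation ran on the single day the record matched before changing the filter itself.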

Troubleshooting with notification reports


Notification reports provide the success and failure status of notifications. Notifications still in the
queue are not reported. To access these reports, click Navigation Menu > Administration >
Notifications > View Notification Reports.


Example: Using the Notification Engine Recent Activity - Last 24 Hours report

Message Status | Problem | Solution
Successful | The notifications are sent successfully, but the recipient does not receive them. | Check the Junk E-Mail folder or other email folders of the recipient. If the notification is not in another folder, generate the Notifications Sent report to verify that the Recipient Email Address is correct.
Successful | There are fewer notifications shown in the report than should have been sent. | Recipients did not receive all notifications. If this is happening:
    1. Check the application or questionnaire's record permission fields to be sure the recipient is allowed to see the records.
    2. Check the rights of the roles assigned to the groups to which the recipient belongs.
    3. Check the rights of the roles assigned to the recipient.
    4. Modify the rights and permissions appropriately and resend the notifications.
Successful | The recipient only sees part of the content. | Recipients do not have permission to view the record. If this is happening:
    1. Check the application or questionnaire's record permission fields to be sure the recipient is allowed to see the records.
    2. Check the rights of the roles assigned to the groups to which the recipient belongs.
    3. Check the rights of the roles assigned to the recipient.
    4. Modify the rights and permissions appropriately and resend the notifications.
Failed | The notifications failed to send. | Ensure that the Server Address is correct in the RSA Archer Control Panel > General Settings of the instance. Ensure the user account of the recipient has an email address. See Managing Users.
N/A | The report does not show any notifications; the notifications did not trigger. | Check the notification rules to be sure that they are valid and will trigger. If that is the issue, modify the rules and send again.

Discussion Forums for Administrators

Note: This topic is intended for administrators. For an overview for users, see the Discussion
Forums for End Users topic in the RSA Archer GRC Online Documentation.

The Discussion Forums feature enables administrators to create structured environments where
users can exchange information on various topics. These environments, called forums, provide a
platform for posting and replying to topics. Administrators can group forums together into
communities. For example, a community named Microsoft Windows might contain forums for
Microsoft Windows Vista vulnerabilities and Microsoft Windows 7 vulnerabilities.
The Discussion Forums feature appears in both the administration suite and the end-user suite of
features. In the Discussion Forums feature in the administration suite, administrators can establish
discussion forum communities and assign forum creators for each community. They also can define
roles for forum participants, which control the permissions end users have in discussion forums.
Application owners also can create record-specific discussion forums to allow users to discuss
information as it relates to a specific content record. The Discussion field type is available for this
purpose.
In the end-user Discussion Forums feature, forum creators can create new forums in their assigned
communities and can define the properties of those forums, select forum members, and assign roles
to those members. End users also can access forums to which they belong through the end-user
Discussion Forums feature, enabling them to read, add, or respond to topics according to the rights
assigned to them through their forum roles.
The Discussion Forums feature provides several default roles for forum participants and enables
administrators to create additional roles. Forum creators, designated by administrators of the
Discussion Forums feature, can create new forums in their assigned communities and can define the
properties and the membership for those forums. Default roles that forum creators can assign to
forum members include forum administrator, moderator, participant, and read-only participant.


Discussion forums terminology


The definitions of terms in the following table are specific to the Discussion Forums feature.

Term | Definition
Community | This is an organizational structure for grouping one or more related discussion forums. A community itself is not a forum and cannot receive posts.
Forum | A discussion area focused on a specific subject or theme. A forum is housed in a discussion community. The forum contains information exchanges relative to one specific subject. Each forum can contain many topics, and those topics should all relate back to the central subject or theme established by the forum.
Traditional Forum | A standard discussion forum built through the Discussion Forums feature.
Content-Specific Forum | A discussion forum that is linked directly to a specific content record. It cannot be accessed through the Discussion Forums application. Instead, users can access it by clicking View Forum in the Discussion field in a record.
Locked Forum | Messages in a locked forum can be read by users, but no new messages can be posted to the forum.
Archived Forum | An archived forum is hidden entirely from forum participants. No messages can be read or posted in the forum. However, an archived forum can be made available again to forum participants by a community or forum administrator.
Community Administrator | This is a user who has been granted the rights to view, edit, and delete all forums in a selected community, regardless of whether the user has been enrolled as a member of those forums. Discussion community administrators also can add new forums in their assigned communities.
Forum Membership | To access and contribute to a forum, a user must be enrolled as a member of that forum. Each member is assigned a specific role that governs the user rights in the forum.
Forum Role | Each member of a forum is assigned a specific role, which is a named grouping of rights. A user role dictates what the user can and cannot do in a particular discussion forum. For example, administrators might create a role called "Reader," which is assigned to users who need the ability to view all posts in a given forum, but who will not be permitted to respond to those posts or to contribute new topics for discussion.


Forum Administrator | When a forum creator assigns a user as an administrator of a selected forum, the administrator has rights to post messages and to edit and delete posts made by any forum participant. Forum administrators also can enroll additional members or revoke the membership of any user or group.
Moderator | When a forum creator assigns a user as a moderator of a selected forum, that moderator has rights to post messages and to edit and delete posts made by any forum participant. They also can enroll additional members or revoke the membership of any user or group, and they can manage the properties of the forum, including its expiration plan, reply depth, display options, and so on. In addition, moderators can merge topics in the forum.
Post | A generalized term referring to any type of message submitted to a forum. Topics and replies are specific types of posts.
Topic | A top-level post that poses a question or otherwise establishes the context for a thread of discussion. Topics serve as containers for replies.
Reply | A post that is submitted in response to an existing post. Replies provide the means for exchanging thoughts, opinions, or supporting information relative to a given topic.
Thread | A single topic and all of its related replies. The topic-directed discussion that occurs in a forum is thought of as "threaded" because you can trace the path of information from the original topic down through all of its reply postings.
Hot Topic | A topic is considered "hot" if it has been replied to or viewed several times in a short period of time. Hot topics are displayed with a star icon so users can easily identify them. Community and forum administrators define the criteria for topics marked as "hot," and these criteria can vary from forum to forum. For example, in one forum, a hot topic may be defined as one that has received 10 posts in the last 3 days and has been viewed 20 times in the last day. In another forum, a hot topic may be defined simply as one that has received 5 posts in the last day.
Locked Topic | When a topic is locked, users are not permitted to reply to it. The topic and its previous replies, however, remain visible to users. Locked topics can be unlocked at any time by users who have the proper rights.


Discussion forums icon legend


The following table describes icons that are unique in the Discussion Forums feature.

Icon Description

You have read all posts in this discussion community, forum, or topic.

This discussion community, forum, or topic contains new posts for you to read.

This discussion community, forum, or topic has recently experienced a large number of
postings and information that you have viewed. You have read all posts in this community,
forum, or topic.

This discussion community, forum, or topic recently experienced a large number of postings
and information that you have viewed. The community, forum, or topic contains new posts
for you to read.

This discussion forum or topic is locked, and you have read all posts in it.

This discussion forum or topic is locked, and it contains new posts.

Adding Discussion Communities


A discussion community groups together discussion forums with similar subjects or themes.
Discussion community administrators and discussion forum creators can add and edit forums in their
assigned communities. Community forum administrators can edit the properties of those forums, but
cannot create new forums.

Add a discussion community

1. Go to the Manage Discussion Communities page.

a. From the menu bar, click .

b. Under Discussion Forums, click Discussion Communities.

2. Click Add New.

3. Do one of the following:

• To select new settings for a community, select Create a new Discussion Forum Community
from Scratch.

• To use the settings of an existing discussion forum community as a starting point for your new
community, select Copy an Existing Discussion Forum Community and select the existing
community from the Discussion Forum Communities list.

4. Click OK.

5. Complete the General Information section:

a. In the Name field, enter a unique name for the community.

b. In the Description field, enter a description of the community.

6. In the Administration section, do the following:

a. In the Community Administrators field, select the groups, users, or both that you want to
administer the community.

b. In the Forum Creators field, select the groups, users, or both that you want to create the
forums.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Discussion Forums

Step 1: Enable discussion forums in a solution

1. Open the solution to which you want to add a discussion forum.

a. From the menu bar, click .

b. Under Application Builder, click Solutions.

c. Select the solution that will have the discussion forum.

2. In the Applications section, click Add New.

3. In the Applications tab, select Discussion Forums and click OK.

4. Click Save.


Step 2: Create a discussion forum

1. Go to the Forum page.

a. On the Workspace menu, select a solution.

b. If the discussion forum is enabled, click the preferred sub-solution.

c. Under the Discussion Forum, click Communities.

d. Select a discussion community.

2. Click Add New and do the following:

• To create a new discussion forum, select Create a new Discussion Forum from scratch.

• To create a discussion forum from an existing discussion forum, click Copy an existing
Discussion Forum and select from the Discussion Forum list.

3. Click OK.

4. On the General tab, in the General Information section, enter the name and description of the
discussion forum community.

5. Click Save or Delete.


• Click Save to save and exit.

• Click Delete to remove the discussion forum.

Step 3: Configure the discussion forum options

1. Go to the Forum page.

a. On the Workspace menu, select a solution.

b. If the discussion forum is enabled, click a sub-solution.

c. Under Discussion Forum, click Communities.

d. Select a discussion community.


2. Select the forum that you want to manage.

3. On the Administration tab, select from the following administrative, display, and notification
options:

Option | Description
Forum Expiration Plan | To set the forum to be archived or deleted on a specific date, select Archive or Delete, and in the Forum Expiration Date field, select a date on which the forum should be archived or deleted.
Maximum Topic Count | Enter the maximum number of topics that can be added to the forum. By default, 100 topics are permitted.
Maximum Reply Count | Enter the maximum number of replies that can be posted per topic. By default, 300 replies are permitted.
Maximum Reply Level Count | When a discussion forum user posts a reply to a topic, that reply is nested under the topic. If another user posts a reply to the first user reply, that second post is nested beneath the first post, creating a 2-level reply depth. In this field, enter the maximum number of reply levels allowed per topic. By default, 20 reply levels are permitted.
Maximum Topic Age (Days) | To set the maximum number of days a topic can reside in the forum, enter the number of days in this field.
Attachments | To allow forum participants to attach files when posting topics and replies, select Allow Attachments. You also can define the maximum allowable size for those file attachments by selecting a size from the Maximum Attachment Size (MB) list. The default size is 1 MB.
Anonymous Posting | To allow users to optionally post anonymous messages in the forum, select Allow. When this option is selected, forum participants can select the Post as Anonymous User option when submitting a new post in the forum.
Moderator Emails | To configure the forum to trigger email notifications for forum moderators each time a new post is submitted, select Notify when a message is posted.
Hot Topics Status Criteria | A topic is considered "hot" if it has been replied to or viewed a specified number of times within a specified number of days. Hot topics are marked for users with a star. To configure when topics are flagged as "hot," enter the number of replies, views, and days in the appropriate fields.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 4: Enroll discussion forum members

1. Go to the Forum page.

a. From the Workspace menu, select a solution.

b. If the discussion forum is enabled, click a sub-solution.

c. Under Discussion Forums, click Communities.

d. Select a discussion community.

2. Select the discussion forum that you want to manage.

3. On the Membership tab, for each Forum Role to which you want to assign members, click .

4. From the Available list, edit the list of users and groups you want to assign to the role.

• To remove a user or group from the Selected list, click to the right of the name.

• To search for a specific user or group:

a. Enter the appropriate name in the Find field.

b. Select the name type from the adjacent drop-down list.

c. Click .

5. Click OK.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Discussion Forum Roles


The discussion forum role governs user access rights in the end-user Discussion Forums feature.


Add discussion forum roles

1. Go to the Manage Discussion Forum Roles page.

a. From the menu bar, click .

b. Under Discussion Forums, click Discussion Forum Roles.

2. Do one of the following:

• Select the forum role that you want to update.

• To create a new role, click Add New and do one of the following:

    • To create a new discussion forum role, select Create a new Discussion Forum Role from
    Scratch and click OK.

    • To create a discussion forum role from an existing discussion forum role, click Copy an
    Existing Discussion Forum Role, select from the Discussion Forum Role list, and click
    OK.

3. In the Role Permissions section, select each access right that you want to enable for the
discussion forum role.

Access Right | Description
Read Posts | Users can read posts in the selected forum, but cannot post messages of their own.
Post Replies | Users can post replies to existing topics or existing replies.
Post New Topics | Users can post new topics in the forum.
Delete My Posts | Users can delete any message they have posted in the forum. If other users have replied to the deleted post, those replies also are deleted.
Edit Posts | Users can edit any post in the forum, whether created by them or by another user.
Delete All Posts | Users can delete any post in the forum, whether created by them or by another user. If other users have replied to the deleted post, those replies also are deleted.
Add Forum Users | Users can add users and/or groups to the list of forum members.
Remove Forum Users | Users can remove users and/or groups from the list of forum members.
Manage Forum Properties | Users can modify the forum properties.
Merge Topics | Users can merge topics to organize them in the forum.

4. Click Save or Apply.

• Click Save to save and exit.

• Click Apply to apply the changes and continue working.
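To review what a forum role actually permits, the access rights above can be combined with the locked and archived states from the terminology table. The following Python sketch is an added example, not RSA Archer code. The class, function and action names and the three sample role definitions are assumptions, and community administrator access to archived forums is not modeled.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Post:
    author: str
    parent: Optional[int] = None  # None marks a topic, else the post replied to


@dataclass
class Forum:
    members: Dict[str, Set[str]]  # user -> access rights from the forum role
    posts: Dict[int, Post] = field(default_factory=dict)
    locked: bool = False
    archived: bool = False
    locked_topics: Set[int] = field(default_factory=set)


def topic_of(forum, post_id):
    """Walk up the reply chain to the topic that starts the thread."""
    while forum.posts[post_id].parent is not None:
        post_id = forum.posts[post_id].parent
    return post_id


def allowed(forum, user, action, post_id=None):
    """Decide one action for one user from role rights and forum state."""
    rights = forum.members.get(user)
    if rights is None or forum.archived:
        return False  # not enrolled, or the forum is hidden from participants
    if action == "read":
        return "Read Posts" in rights
    if action == "new_topic":
        return "Post New Topics" in rights and not forum.locked
    if action == "reply":
        return ("Post Replies" in rights and not forum.locked
                and topic_of(forum, post_id) not in forum.locked_topics)
    if action == "edit":
        return "Edit Posts" in rights
    if action == "delete":
        own = forum.posts[post_id].author == user
        return "Delete All Posts" in rights or (own and "Delete My Posts" in rights)
    raise ValueError(f"unknown action: {action!r}")


def delete_post(forum, user, post_id):
    """Delete a post and every reply beneath it; return the removed ids."""
    if not allowed(forum, user, "delete", post_id):
        raise PermissionError(f"{user} may not delete post {post_id}")
    doomed = {post_id}
    grew = True
    while grew:  # collect replies, replies to replies, and so on
        grew = False
        for pid, post in forum.posts.items():
            if post.parent in doomed and pid not in doomed:
                doomed.add(pid)
                grew = True
    for pid in doomed:
        del forum.posts[pid]
    return sorted(doomed)


def sample_forum():
    """Constructed sample: three hypothetical roles and one short thread."""
    reader = {"Read Posts"}
    participant = reader | {"Post Replies", "Post New Topics", "Delete My Posts"}
    moderator = participant | {"Edit Posts", "Delete All Posts"}
    forum = Forum(members={"alice": reader, "bob": participant, "carol": moderator})
    forum.posts = {
        1: Post("bob"),              # topic
        2: Post("carol", parent=1),  # reply to the topic
        3: Post("bob", parent=2),    # reply to the reply
        4: Post("carol"),            # second topic
    }
    return forum


if __name__ == "__main__":
    f = sample_forum()
    print("bob may delete carol's reply directly:", allowed(f, "bob", "delete", 2))
    print("bob deletes his own topic, removed ids:", delete_post(f, "bob", 1))
```

In the sample, bob cannot delete carol's reply directly, yet deleting his own topic removes it through the cascade, which is worth weighing before granting Delete My Posts in forums kept as a record.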

Merging Topics in a Discussion Forum


If you find that there are topics that contain similar information, you can combine, or merge, them
to keep the discussion forum organized.

Merge topics in a discussion forum

1. Go to the Forum page.

a. On the Workspace menu, click a solution.

b. If the discussion forum is enabled, click a sub-solution.

c. Under Discussion Forum, click Communities.

d. Select the discussion community with the forum you want to manage.

2. Go to the discussion forum that contains the topics that you want to merge.

3. In the Actions column, click for a topic that you want to merge.

4. In the Target Topic field, click .


5. In the Target Topic Lookup dialog box, select the topic that you want to serve as a "parent" to
the topics that you plan to merge together.

6. Click OK.

7. In the Merge Topics field, click .

8. In the Merge Topics Lookup dialog box, select the topics that you want to group, or merge, under
the parent topic.
The merged topics are nested under the parent topic and display as replies to that topic. Merged
topics retain their original threading.

9. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Locking and Unlocking Discussion Forums


Lock or unlock a discussion forum to control whether new content is posted.

Lock a discussion forum

1. Go to the Forum page.

a. From the Workspace menu, click a solution.

b. If the discussion forum is enabled, click a sub-solution.

c. Under Discussion Forum, click Communities.

d. Select the discussion community with the forum that you want to manage.

2. Select the discussion forum that you want to lock.

3. Go to the General tab.

4. Select Locked to lock the forum.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.


Unlock a discussion forum

1. Go to the Forum page.

a. From the Workspace menu, click a solution.

b. If the discussion forum is enabled, click a sub-solution.

c. Under Discussion Forum, click Communities.

d. Select the discussion community with the forum that you want to manage.

2. Select the discussion forum that you want to unlock.

3. Go to the General tab.

4. Clear the Locked checkbox to unlock the discussion forum.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Archiving Discussion Forums


You can archive an existing forum and remove it from participant view. Once a forum has been
archived, only administrators can continue to access the forum and its posts, as well as edit the
properties of the forum.

Archive a discussion forum

1. Go to the Forum page.

a. From the Workspace menu, click a solution.

b. If the discussion forum is enabled, click a sub-solution.

c. Under Discussion Forum, click Communities.

d. Select the discussion community with the forum you want to manage.

2. Go to the discussion forum that you want to archive.

Note: If you are accessing a record-specific discussion forum, go directly to the record where
that discussion forum is located and skip to step a of this procedure.

3. Go to the General tab.


4. Select Archived to archive the forum.

Note: You can restore an archived forum to participant use by clearing the checkbox.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Training and Awareness


The Training and Awareness feature enables administrators to construct and deliver training and
awareness communications to specified users and groups. You can expose users to policy changes
and additions, broadcast information regarding special events, and assess your users' understanding
of various issues. Training and awareness communications are organized as campaigns with one or
more events. Campaigns support Acceptance, Presentation, and Quiz event types.

Use events to create highly effective campaigns for education and assessment. For example, you can
use a presentation event to inform your end-user community that your Internet Use policy is changing
and to describe the proposed changes. You can then present the revised Internet Use policy in an
acceptance event and require your users to accept the policy or decline it with an explanation of
their choice. Finally, you can send a quiz event to the same users to find out if they understand your
revised policy by requiring them to correctly answer a series of questions.

Each event in a campaign has a start and stop date so you can create events in advance. The stop
date specifies the end to an event if the information it contains becomes irrelevant or no longer
requires distribution. Various formatting and delivery options are available for complete
customization of events. All events can include custom text and content from any application. You
can direct events to an individual user or group or to multiple users or multiple groups.

RSA Archer GRC offers the following event types to equip you to effectively communicate
information to your users:

• Presentation Events are used to broadcast information to users or groups via emails or prompts
when a user logs in to RSA Archer GRC.

• Acceptance Events are used to broadcast information to users in the form of a prompt when a
user logs in to RSA Archer GRC.

• Quiz Events are used to test user knowledge of application content, and are presented to users as
a prompt when they log in to RSA Archer GRC.


Example: Training and awareness timeline for a campaign delivered over several weeks

January 1: Send an email to all system administrators that your VPN policy has been
changed. Include a copy of the policy for administrators to review.

January 19: Greet system administrators with a reminder to read the VPN policy.

February 1: Send a follow-up email to system administrators to inform them that a quiz on the
new VPN policies will be administered on February 9.

February 9: Administer the VPN policy quiz to system administrators. Optionally set a minimum
passing grade or provide them with open book guidance. Allow enough days for everyone to take
the quiz.

February 28: Review the quiz results and determine the next course of action.

Training and Awareness terminology

| Term | Definition |
| --- | --- |
| Campaign | A campaign is an organizational structure that groups training and awareness events with similar subjects or themes. For example, a campaign called Password Compliance Training could contain the following: a presentation event called Passwords and Security Parameters; an acceptance event called Password Change Policy; a quiz event called Password Change Policy Quiz. |
| Event | A method for communicating and gathering information through a campaign. The following events are supported: Acceptance, Presentation, and Quiz. They are presented to users as a prompt when they log in to RSA Archer GRC. Acceptance events communicate information and require action from the recipient. Presentation events communicate information to users and groups. Quiz events test users' knowledge of content, for example, a change in policy. |


Adding Training and Awareness Campaigns


A campaign is an organizational structure that groups Training and Awareness events with similar
subjects and themes. Use campaigns for highly effective education and assessment of your
employees. Campaigns include events that help you manage the training and awareness of your
employees.

For example, you can create a campaign that notifies employees of a policy change, requests an
acceptance from them acknowledging the notification, and delivers a quiz to test their understanding
of the change in policy.

Campaign event types


You can define or modify the content of an event by entering text or selecting content from any
application for which you have ownership rights. Entering content from an application enables you to
communicate relevant information to specified users using existing information, such as Acceptable
Use policies. You can use introductory text to introduce application content or to provide instructions
for taking quizzes.

RSA Archer GRC offers the following event types to equip you to effectively communicate
information to your users:

• Presentation Events are used to broadcast information to users or groups via emails or prompts
when a user logs in to RSA Archer GRC.

• Acceptance Events are used to broadcast information to users in the form of a prompt when a
user logs in to RSA Archer GRC.

• Quiz Events are used to test user knowledge of application content, and are presented to users as
a prompt when they log in to RSA Archer GRC.

Quiz behaviors
You can set the quiz behavior for determining:
• The passing grade

• The passing requirements

• The number of times a user can retake the quiz if the user did not pass the quiz

• Whether answers are marked as correct or incorrect

• Whether the quiz is open-book style, allowing users to navigate between the quiz and the content
while taking the quiz

The following rules apply when any of the behaviors are set:


• Users who pass the quiz are allowed to continue to the application.

• Users who fail the quiz may be forced to retake it based on a determined number of retakes.
Users are prompted to retake the quiz up to the maximum number of specified retakes. If a
user does not pass the quiz within the specified number of retakes, the user is allowed to continue
to the application.

If the answers are marked for showing the grading, correct answers appear with a green check mark
and incorrect answers appear with a red X.

Add a campaign

1. Go to the Manage Training and Awareness Campaigns page.

a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

2. Click Add New.

3. In the Campaign Name field, enter a name for the campaign.

4. In the Description field, enter a brief description of the campaign.

5. Click Save.

Adding Presentation Events


Presentation events broadcast information to users or groups using email or prompts when a user logs
in to RSA Archer GRC. Recipients of presentation events are not required to acknowledge receiving
the event or to respond to the content of the event. Presentation events represent a passive form of
communication.
You can define or modify the content of an event by entering text or selecting content from any
application for which you have ownership rights. Entering content from an application enables you to
communicate relevant information to specified users using existing information, such as Acceptable
Use policies. You can use introductory text to introduce application content or to provide instructions
for taking quizzes.

Step 1: Add an event

1. Go to the campaign to which you want to add an event.


a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

c. Select the campaign.

2. Click Add New.

3. In the Creation Method section, do one of the following:

• To add a new event, click Create a new Event from scratch and click Presentation.

• To make a copy of an existing event, click Copy an existing Event and select the event.

4. Click OK.

5. Select a delivery option, and click OK.

6. In the General Information section on the General tab, enter the name and description.

7. Click Apply.

Step 2: Define the content

1. Click the Content tab.

2. In the Introduction field, type the text that you want to be displayed at the top of the event email
or prompt. Use the Rich Text Editor toolbar to format the text.

3. Do the following to provide content from an application after the introductory text:

a. In the Content field, click .

b. Select an application or questionnaire from the list and click OK.

4. In the Closing field, enter the text that you want to be displayed at the bottom of the event. Use
the Rich Text Editor toolbar to format the text.

5. Click Apply.

Step 3: Select the delivery options


Your delivery options vary depending on the delivery method that you selected when you created the
event.


1. Click the Delivery tab.

2. In the Delivery Options section, enter the name of the quiz and the begin and end dates of the
event.

3. In the Skip Setting field, select the behavior for allowing users to skip the questions in the event.

4. In the Reminders section, select whether reminder notices are sent. If you select a
frequency, enter the following information:

• (Optional) In the Reminder Frequency field, select the frequency for sending the reminder
notices.

• In the From Address field, enter the email address of the sender. For example, the sender email
address might be noreply@acme.com.

• (Optional) In the From Alias field, enter the nickname of the sender.

5. Click Apply.

Step 4: Select event recipients

1. Click the Recipients tab.

2. Do one or more of the following:

• To specify users or groups, select the users and groups who you want to receive the event
from the Available list.

• To search for a specific user or group, enter the name in the Find field, select the name type
from the adjacent list, and click . The results of your search are displayed in the Available
list.

• To remove a user or group from the list of recipients, click to the right of the appropriate
name in the Selected list.

3. Click Apply.


Adding Acceptance Events


Acceptance events are used to broadcast information to users and require action from the recipient.
These events are presented to users as a prompt when they log in to RSA Archer GRC. Users
receiving an acceptance event are required to accept or decline the event. Communicating an
Acceptable Use policy is an example of how to execute an acceptance event to ensure that users
within an organization have read the necessary material associated with their role.
You can define or modify the content of an event by entering text or selecting content from any
application for which you have ownership rights. Entering content from an application enables you to
communicate relevant information to specified users using existing information, such as Acceptable
Use policies. You can use introductory text to introduce application content or to provide instructions
for taking quizzes.

Step 1: Create an event

1. Go to the campaign to which you want to add an event.

a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

c. Select the campaign.

2. Click Add New.

3. In the Creation Method section, do one of the following:

• To add a new event, click Create a new Event from scratch and click Acceptance.

• To make a copy of an existing event, click Copy an existing Event and select the event.

4. Click OK.

5. In the General tab, enter the name and description.

6. Click Apply.

Step 2: Define the content

1. Click the Content tab.

2. In the Introduction field, type the text that you want to be displayed at the top of the event email
or prompt. Use the Rich Text Editor toolbar to format the text.


3. Do the following to provide content from an application after the introductory text:

a. In the Content field, click .

b. Select an application or questionnaire from the list and click OK.

4. In the Closing field, enter the text that you want to be displayed at the bottom of the event. Use
the Rich Text Editor toolbar to format the text.

5. Click Apply.

Step 3: Select the delivery options

1. Click the Delivery tab of your event.


2. In the Delivery Options section, enter the name of the quiz and the begin and end dates of the
event.

3. In the Skip Setting field, select the behavior for allowing users to skip the questions in the event.

4. In the Reminders section, select whether reminder notices are sent. If you select a
frequency, enter the following information:

• (Optional) In the Reminder Frequency field, select the frequency for sending the reminder
notices.

• In the From Address field, enter the email address of the sender. For example, the sender email
address might be noreply@acme.com.

• (Optional) In the From Alias field, enter the nickname of the sender.

5. Click Apply.

Step 4: Select recipients

1. Click the Recipients tab.

2. Do one or more of the following:

• To specify users or groups, select the users and groups who you want to receive the event
from the Available list.

• To search for a specific user or group, enter the name in the Find field, select the name type
from the adjacent list, and click . The results of your search are displayed in the Available
list.

• To remove a user or group from the list of recipients, click to the right of the appropriate
name in the Selected list.

3. Click Apply.

Adding Quiz Events


Quiz events are used to test users' knowledge of application content. These events are presented to
users as a prompt when they log in to RSA Archer GRC. A quiz event is a method for determining
not only that a user received or accepted an event, but also that they have a complete understanding
of the required reading. The content in the quiz can be displayed prior to the quiz or can be available
for users to review as they take the quiz.

Quiz behaviors
You can set the quiz behavior for determining:
• The passing grade

• The passing requirements

• The number of times a user can retake the quiz if the user did not pass the quiz

• Whether answers are marked as correct or incorrect

• Whether the quiz is open-book style, allowing users to navigate between the quiz and the content
while taking the quiz

The following rules apply when any of the behaviors are set:

• Users who pass the quiz are allowed to continue to the application.

• Users who fail the quiz may be forced to retake it based on a determined number of retakes.
Users are prompted to retake the quiz up to the maximum number of specified retakes. If a
user does not pass the quiz within the specified number of retakes, the user is allowed to continue
to the application.

If the answers are marked for showing the grading, correct answers appear with a green check mark
and incorrect answers appear with a red X.

Step 1: Add a quiz event

1. Go to the campaign to which you want to add an event.


a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

c. Select the campaign.

2. Click Add New.

3. In the Creation Method section, do one of the following:

• To add a new event, click Create a new Event from scratch and click Quiz as the event type.

• To make a copy of an existing event, click Copy an existing Event and select the event.

4. Click OK.

5. In the General Information section on the General tab, enter the name and description.

6. Click Apply.

Step 2: Define the content

1. Click the Content tab.

2. In the Introduction field, type the text that you want to be displayed at the top of the event email
or prompt. Use the Rich Text Editor toolbar to format the text.

3. Do the following to provide content from an application after the introductory text:

a. In the Content field, click .

b. Select an application or questionnaire from the list and click OK.

4. In the Closing field, enter the text that you want to be displayed at the bottom of the event. Use
the Rich Text Editor toolbar to format the text.

5. Click Apply.

Step 3: Select the delivery options

1. Click the Delivery tab.

2. In the Delivery Options section, enter the name of the quiz and the begin and end dates of the
event.

3. In the Skip Setting field, select the behavior for allowing users to skip the questions in the event.


4. In the Reminders section, select whether reminder notices are sent. If you select a
frequency, enter the following information:

• (Optional) In the Reminder Frequency field, select the frequency for sending the reminder
notices.

• In the From Address field, enter the email address of the sender. For example, the sender email
address might be noreply@acme.com.

• (Optional) In the From Alias field, enter the nickname of the sender.

5. Click Apply.

Step 4: Select recipients

1. Click the Recipients tab.

2. Do one or more of the following:

• To specify users or groups, select the users and groups who you want to receive the event
from the Available list.

• To search for a specific user or group, enter the name in the Find field, select the name type
from the adjacent list, and click . The results of your search are displayed in the Available
list.

• To remove a user or group from the list of recipients, click to the right of the appropriate
name in the Selected list.

3. Click Apply.

Step 5: Define the question order and quiz behavior

1. Click the Questions tab and go to the Questions and Answer Setting section.

2. In the Question Numbering field, select the numbering format for the questions.

3. In the Answer Numbering field, select the format for numbering the answers.

4. In the Question Display Order field, select whether to list the questions manually or randomly.

5. Go to the Quiz Behavior section.

6. In the Passing Grade field, enter the percentage required to receive a passing grade.


7. Complete one or more of the following:

• To require users to pass the quiz, select Force retakes from the Passing Requirements list.

• To limit the number of times a user can retake a quiz, specify that number in the Retake Limit
field.

• To allow users to view incorrect answers when retaking a quiz, select Mark incorrect quiz
answers on retakes from the Show Grading list.

• To allow users to review the content of the quiz while taking the quiz, select Allow content
review during the quiz from the Review Content list.

8. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Questions to Quiz Events

You can add questions to the quiz either by entering them yourself or importing them from another
quiz.

Add questions to the quiz event

1. Go to the Questions tab of the quiz event that you want to update.

a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

c. Select the campaign.

d. Select the quiz event.

e. Click the Questions tab.

2. In the Questions section, click Add New.

3. Do one of the following:

• To create a new question, click Create a new Question from scratch.

• To create a question from an existing question, click Copy an existing Question and select the
existing question from the list.

4. Click OK.


5. In the Question field, enter the question text.

6. In the Answers section, enter the answer text.

7. Click Add New to add another answer, and enter the answer in the blank field. Repeat this step
to create the answers for the question.

8. In the Correct column, click the checkbox to the right of the answer to designate it as the correct
answer for the question.

9. (Optional) In the Multiple Answer Selection field, select whether users can select more than one
answer for the question if the question is multiple choice and select the appropriate method for
listing the answers.

• To present the answers randomly for each quiz participant, select Random Answer Order.

• To present the answers in a specific order, select Manual Answer Order.

10. (Optional) In the Hint field, enter the text for providing the quiz participants a hint if they answer
the question incorrectly.

11. (Optional) Click Configure Display Order to reorder the answers by dragging each answer to the
position you want.

12. Click OK to save your question and answers.

13. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Import questions into a quiz event

1. Go to the Questions tab of the quiz event that you want to update.

a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

c. Select the campaign.

d. Select the quiz event.

e. Click the Questions tab.

2. In the Questions section, click Import.

3. Select one or more campaigns from which to copy the questions.


4. Click OK to import the questions.

5. Edit or delete the imported questions so that they meet your needs for the quiz.

• To edit a question, click and make the necessary changes by changing the order in
which they are listed, the answers to the question, and marking the correct answer.

• To delete a question, click .

• To add a new question, click Add New and follow the instructions for adding a new question.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Deleting Campaigns and Events


When a campaign or event is no longer needed, you can delete it from the Manage Training and
Awareness Campaigns page.

Delete a campaign

1. Go to the Manage Training and Awareness Campaigns page.

a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

2. Click in the row of the campaign that you want to delete.

3. Click OK to confirm.

Delete an event

1. Go to the Manage Training and Awareness Campaigns page.

a. From the menu bar, click .

b. Under Training and Awareness, click Training and Awareness Campaigns.

2. Click the campaign that contains the event you want to delete.


3. Click in the row of the event that you want to delete.

4. Click OK to confirm.

Mail Merge

Mail Merge templates define how records are inserted from RSA Archer GRC into a Microsoft
Word document using the Mail Merge functionality. This functionality is particularly useful for
conducting iterative vendor assessments and SOX compliance reviews.

Export a record using a Word document containing Mail Merge fields that display data from your
application. The exported file is formatted according to the layout of the Word document with the
exception of attachments. The attachment is inserted inline on a separate page. All attachments must
be Word (.doc or .docx) documents. All other file types are not supported and are ignored in the
exported file.

Alias and merge regions


Most objects in RSA Archer GRC, such as applications, levels, and fields, have aliases associated
with them. Use these aliases when creating an export template for the Mail Merge Template
functionality.

• Attachment
• Cross-Reference
• Date
• External Link
• Image
• IP Address
• First Published
• Last Updated
• Matrix
• Numeric
• Record Permission
• Record Status
• Related Records
• Sub-form
• Text
• Tracking ID
• User/Group
• Values List
• Voting

Note: ".Data" represents the field data of an attachment, which is how the data is retrieved.


Example: Merge regions syntax

| Fields | Syntax |
| --- | --- |
| Cross-Reference, Related Record, and Sub-Form | «TableStart:FieldAlias»«RelatedFieldAlias»«TableEnd:FieldAlias» |
| Values List | «TableStart:FieldAlias»«ValuesList»«TableEnd:FieldAlias» |
| External Links (with either a Name or URL) | «TableStart:FieldAlias»«Name»«URL»«TableEnd:FieldAlias» |

Note: Replace FieldAlias with the field alias name. For example, the following statement contains
several aliases to fields in another application. Opportunity is the cross-reference alias to related
levels:

«TableStart:Opportunity» «Product_Name» «Product_Code» «Quantity» «Unit Price» «Total_Price» «TableEnd:Opportunity»

Mail merge terminology

| Term | Definition |
| --- | --- |
| Alias | A unique name that identifies an object or component, such as fields, applications, solutions, workspaces, and iViews. Assign aliases to fields when creating the report template in Word. |
| Exported File | The final output produced from an Export template with data merged from an application. |
| Export Template | The Microsoft Word document that is uploaded to the Mail Merge template. |
| Mail Merge | A feature of Microsoft Word used to create reports. |
| Mail Merge Template | An entity that serves as a report template. The template contains the Word document template and settings. |


Mail Merge Syntax


Certain field types must be specified using a merge region, which enables the field to dynamically
grow portions of the document. To specify a merge region, insert TableStart at the beginning of the
region and TableEnd at the end of the region. Mail merge regions can be nested inside of each other.
Templates are associated with and can reference fields from a level. To reference a field in an
adjacent level, use the Cross-Reference field as the Level Reference.
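
The pairing and nesting of merge regions described above can be checked before a template is uploaded. The following Python is an added example, not RSA's code: it assumes the template text has already been extracted with merge fields shown as «Name» or <<Name>>, and that overlapping (improperly nested) regions are invalid. All aliases, sample templates, and function names are hypothetical.

```python
import re
from dataclasses import dataclass

# A merge field as it appears on this page: «Name» or <<Name>>.
FIELD_RE = re.compile(r"«([^«»]+)»|<<([^<>]+)>>")
# Region markers: TableStart:Alias opens a region, TableEnd:Alias closes it.
MARKER_RE = re.compile(r"^(TableStart|TableEnd):(.+)$")
# Near-misses such as "TableEnd.Alias" that would otherwise pass as plain fields.
NEAR_MISS_RE = re.compile(r"^Table(Start|End)\b")

# Constructed sample templates; every alias below is hypothetical.
VALID_TEMPLATE = (
    "«Tracking_ID» «TableStart:Vendors»«Vendor_Name»"
    "«TableStart:Contacts»«Contact_Name»«TableEnd:Contacts»«TableEnd:Vendors»"
)
BROKEN_TEMPLATE = (
    "«TableStart:Vendors»«Vendor_Name»«TableStart:Contacts»«Contact_Name»"
    "«TableEnd:Vendors»«TableEnd.Contacts»"
)
UNCLOSED_TEMPLATE = "<<TableStart:Findings>><<Finding_Name>>"


@dataclass
class Finding:
    position: int  # character offset of the field in the template text
    field: str     # field text without its delimiters
    problem: str


def check_merge_regions(template_text):
    """Return (findings, regions).

    regions maps a region path such as "Vendors/Contacts" to the fields
    placed inside it; the empty path "" is the primary level.
    """
    findings = []
    stack = []    # open regions as (alias, position), outermost first
    regions = {}
    for match in FIELD_RE.finditer(template_text):
        name = (match.group(1) or match.group(2)).strip()
        pos = match.start()
        marker = MARKER_RE.match(name)
        if marker is None:
            if NEAR_MISS_RE.match(name):
                findings.append(Finding(
                    pos, name,
                    "malformed region marker, expected TableStart:Alias or TableEnd:Alias"))
            else:
                path = "/".join(alias for alias, _ in stack)
                regions.setdefault(path, []).append(name)
            continue
        kind, alias = marker.group(1), marker.group(2).strip()
        if kind == "TableStart":
            stack.append((alias, pos))
            regions.setdefault("/".join(a for a, _ in stack), [])
            continue
        # TableEnd: it must close the innermost open region.
        open_aliases = [a for a, _ in stack]
        if alias not in open_aliases:
            findings.append(Finding(pos, name, "TableEnd without a matching TableStart"))
            continue
        if open_aliases[-1] != alias:
            findings.append(Finding(
                pos, name,
                f"closes '{alias}' while inner region '{open_aliases[-1]}' is still open"))
        # Unwind to the matching TableStart so later fields are scoped sensibly.
        while stack.pop()[0] != alias:
            pass
    for alias, pos in stack:
        findings.append(Finding(pos, f"TableStart:{alias}", "region is never closed"))
    return findings, regions


if __name__ == "__main__":
    samples = [("valid", VALID_TEMPLATE), ("broken", BROKEN_TEMPLATE),
               ("unclosed", UNCLOSED_TEMPLATE)]
    for label, text in samples:
        found, found_regions = check_merge_regions(text)
        print(label, found_regions)
        for item in found:
            print(f"  offset {item.position}: {item.field}: {item.problem}")
```
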

Syntax formatting
Press [Alt]+[F9] to display the syntax codes.

| Control Type | Field Type | Syntax Formatting |
| --- | --- | --- |
| List | Cross-Reference | <<List:Cross_A_to_B>> |
| Drop Down | Date | <<Drp_Dwn_DateTime>> |
| Text Box | Date and Time | <<Txt_Box_DateTime>> |
| Text Box | Date/Time - Date | <<Txt_Box_DateTime>> |
| List | External Link | <<List:External Link>> |
| List | External Link URL | <<List:External Link>> |
| List | External Link Name | <<List:External Link>> |
| | First Published.Date | <<First_Published>> |
| | First Published.User Name | <<First_Published>> |
| | First Published.Display Name | <<First_Published>> |
| | IP Address | <<IP Address>> |
| | LastUpdated.Date | <<Last_Published>> |
| | LastUpdated.UserName | <<Last_Published>> |
| | LastUpdated.DisplayName | <<Last_Published>> |
| Numbered | Matrix.Row | <<List:Values_Checkbox>> |
| Numbered | Matrix.Column | <<List:Values_Checkbox>> |
| | Numeric | <<Numeric>> |
| Numbered | Rec Status | <<List:RecStatusField>> |
| List | Record Permissions | <<List:RecPerm>> |
| Bulleted | Sub-form | <<List:A__SubForm>> |
| Numbered | Sub-form | <<List:A__SubForm>> |
| | Text | <<Text>> |
| | Tracking Id | <<TrackingID>> |
| List | User/Group DisplayName | <<List:UGField>> |
| Bulleted | User/Group ID | <<List:UGField>> |
| Numbered | User/Group Type | <<List:UGField>> |
| Drop Down | Values List | <<List:Values_List_Drp_Dwn>> |
| | Voting | <<Voting>> |

Alias syntax
To reference a field that is in the primary level, insert the alias of that field into the export template.
Other field types require a merge region. For fields that have multiple options, use the reference as it
applies to your template.

| Field | Syntax |
| --- | --- |
| Date | «Drp_Dwn_DateTime» |
| | «Drp_Dwn_Date_Only» |
| | «Txt_Box_DateTime» |
| | «Txt_Box_Date_Only» |
| External Link | «List_ExternalLink» |
| IP Address | «IPAddress» |
| | «List:IPField» |

Adding Mail Merge Templates


The mail merge template must be formatted with the proper formatting syntax.


To use the Mail Merge Template functionality for exporting a record, create a Microsoft Word
document that serves as the export template. The export template defines which fields are merged
and the order in which the fields appear in the exported file.

Word documents and templates for export templates

• .docx (Microsoft Word 2007 or 2010)

• .dotx (Microsoft Word 2007 or 2010)

• .doc (Microsoft Word 2000 or 2003)

• .dot (Microsoft Word 2000 or 2003)

Add a mail merge template

1. Go to the Manage Mail Merge Templates page.

a. From the menu bar, click .

b. Under Management Reporting, click Mail Merge Templates.

2. Click Add New and do one of the following:

• To create a new mail merge template, click Create Original.

• To add a mail merge template from an existing one, click Copy Existing and select the
template that you want to copy from the Mail Merge Templates list.

3. Click OK.

4. In the General Information section, enter the name and description.

5. In the Options section, do one of the following to select the application for the template.

• For a flat application, select the application from the Application list.

• For a leveled application, select the application from the Application list and select the
correct level from the Level list.

6. In the Output Type field, select the document format for the Mail Merge output file: DOC,
DOCX, or PDF.

7. In the Report Template section, click Add New.

8. Click Add New to upload a file.

9. Select the file you want and click OK.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Adding Report Templates to a Mail Merge Template


Only one report template can be active at a time. If the mail merge template has an existing report
template, it is replaced with the one you are adding.
You can upload only Microsoft Word 2010, 2007, or 2003 files (.docx, .dotx, .doc, and .dot).

Add a report template to a mail merge template

1. Go to the Manage Mail Merge Templates page.

a. From the menu bar, click .

b. Under Management Reporting, click Mail Merge Templates.

2. Select the mail merge template that you want to update.

3. In the Report Template section, click Add New.

4. Click OK to replace the existing report template.

5. Click Add New, and select the file you want to upload.

6. Click OK.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Assigning Access Rights to Mail Merge Templates


Access rights determine whether all users or only select users or groups have access to the mail
merge template.

Assign access rights to mail merge template

1. Go to the Access tab of the Mail Merge template you want to modify.

a. From the menu bar, click .


b. Under Management Reporting, click Mail Merge Templates.

c. Select the mail merge template.

d. Click the Access tab.

2. Do one of the following:

• To enable any user to have access to the template, select Public.

• To restrict access to only designated users and groups, do the following:

a. Select Private.

b. In the Available section, select the users and groups that you want to have access to the
template.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Changing the Status of a Mail Merge Template


Activating a template will make it public while inactivating a template will make it invisible to users
in the list.

Change the status of a mail merge template

1. Go to the General tab of the Mail Merge template you want to modify.

a. From the menu bar, click .

b. Under Management Reporting, click Mail Merge Templates.

c. Select the mail merge template.

d. Click the General tab.

2. In the Options section, in the Status field, select the status: Active or Inactive.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.


Deleting Mail Merge Templates


Important: Deleting a mail merge template is permanent. The data cannot be recovered once the
template is deleted.

Delete a mail merge template

1. Go to the Manage Mail Merge Templates page.

a. From the menu bar, click .

b. Under Management Reporting, click Mail Merge Templates.

2. In the row of the mail merge template that you want to delete, click .

3. Click OK.


Chapter 14: Data Integration


You can use RSA Archer GRC as a point of consolidation for enterprise data of any type for
supporting analysis and process management. RSA Archer GRC is vendor neutral, content
independent, and provides three integration methods for consolidating data from disparate enterprise
systems for governance, risk, and compliance management.
• Data imports allow you to import data into an application or sub-form from an external data file
on a one-time basis.

• Data feeds allow you to build dynamic integrations with external enterprise systems and files that
can run automatically on an on-going schedule.

• The RSA Archer Web Services API also offers you a programmatic interface for automating the
exchange of information between RSA Archer GRC and an external application.

• Finally, data publications allow you to extract data from your RSA Archer GRC system and load it
into external systems for data analysis and modeling.

Data Imports
Use the Data Import feature to import records into an application, questionnaire, or sub-form from an
external data file.
When you define a data import from the Administration workspace, you have access to all
applicable applications, questionnaires, or sub-forms. The access role must have Create, Read, and
Update rights for data import.
In addition to granting access rights to data import in Integration, you must also grant the user access
to the application and solution in Access Control so that the user can run the Data Import from the
Navigation Menu.
When a user runs a data import, a job is created and queued in the Job Engine. The job runs
asynchronously from the job queue.


Import considerations

Condition: Importing Data Into Leveled Applications
Consideration: When importing data into a leveled application, you must import data of each level
separately, starting with the top data level. Each level must be imported from a separate external
data file. You can create these separate source files by exporting data from the leveled application
that contains the data that you want to import. You must export data one level at a time.
Importing individual columns into specific levels from a single master file creates duplicate
upper-level records and lower-level records which are not associated with their parent records.
Your level-2 import file must contain:
• All the level-2 field values that you want to import.
• The unique values for a field in level 1 of the application, such as the Tracking ID field.
Your level-3 import file must contain:
• All the level-3 field values that you want to import.
• The unique values for a field in level 2 of the application, such as the Tracking ID field.

Condition: Mapping Imported Data to Application Fields
Consideration: After selecting unique record identifiers in the Data Import Wizard, you must map
fields from your import file to fields in your application or sub-form. To assist you in this
process, the Step 2 - Identification page of the wizard provides a preview of the first 20 rows of
data in your import file.
Note the following information before you begin mapping your import data:
• If you are updating existing records or importing sub-form entries, you must map the field that
you selected as a unique identifier to the appropriate field in the field mapping grid or an error
message is displayed.
• Import values for a Cross-Reference field must be key field values for the cross-referenced
application. If the values are not key field values, the importer cannot link the records.
• The format for Cross-References field values in the import file must be consistent.

Condition: Using Excel as a .CSV Editor
Consideration: When using Excel as a .CSV editor, Excel may make unexpected changes when you save
your data file.
Note the following types of information that may change in your files:
• Date Values: Excel converts date values to use its format. You can use this feature to your
advantage if you are pulling values in from disparate sources.
• Points of Precision: Excel manipulates decimal places to use its format.
• Quoted Strings: Excel uses quoted strings if they are necessary, and strips extra ones if they
are not.
• Cell Limitations: A cell in an Excel spreadsheet holds a finite number of characters. If your
.csv file exceeds this limit, saving it in Excel corrupts your data.


Data requirements and import results


Some fields require specific data formats for successful imports. The following table provides
information on data import results and data requirements for various field types.

Field type: Cross Application Status Tracking (CAST)
Requirement: CAST values can be specified only during an import update. CAST values are specified in
the target/child application. Because a CAST value is specific to two different records, you must
include unique identifiers for both the parent and the child record.
Behaviors: If you are adding additional field values rather than updating existing values with your
data import, this field is not available in the Application Fields drop-down list on the second page
of the Data Import Wizard.
Example: Updating implementation status of two vulnerabilities
You want to update the Implementation Status of two vulnerabilities on 10 assets. You need 20 rows
of data and the asset identifier, vulnerability identifier, and status value.

    Field                       Value
    Asset Identifier            IP Address or Asset Name
    Vulnerability Identifier    BugTraq ID
    Status value                Implemented

Field type: Cross-Reference
Requirement: Import values must be key-field values for the related application.
Behaviors: If you import values that are not key-field values for the related application, the data
importer cannot link records in the import application to records in the cross-referenced
application.

Field type: IP Address
Requirement: An IP Address value must be formatted as four octets separated by periods. Each octet
can contain one, two, or three numbers.
The following is an example of an import value for an IP Address field:
1.160.10.240

Field type: Matrix
Requirement: Specify the column name and corresponding row value for each column in the Matrix
field. Separate column names and row values with a comma. Separate column and row pairs with a
semicolon.
Behaviors: If you import a Matrix value that contains a column or row value that does not display in
the application Matrix field, that column or row is added to the Matrix field.
Example: Import value for a matrix field
Maintenance Burden, Low; Portability, Medium; Power Consumption, High
In this example, "Maintenance Burden," "Portability," and "Power Consumption" are column names, and
"Low," "Medium," and "High" are the corresponding row values.
If you do not want additional columns or rows to be added to your Matrix field during a data import,
ensure that your external data file only includes Matrix values that appear in your application
Matrix field.

Field type: Numeric
Requirement: Ranged Numeric field:
• Values must be within the defined ranges of the field.
• Values must be within the minimum and maximum value defined for the numeric field, or an error is
reported.
• Values that exceed the maximum number of decimal places of a numeric field are rounded to meet the
field requirements.
• Values with fewer decimal places than the minimum number of decimal places allowed in the Numeric
field are padded with zeros, for example, 4.22000.
Behaviors: Values outside of the defined range will not display when users execute record searches
using numeric-range filters.

Field type: Record Permissions
Behaviors: If you import an empty value into a Record Permissions field, the field is empty in the
new or updated record, even if the field is configured with one or more default values.
When no value is selected in the Record Permissions field, the only users who have access to the
record are those who are assigned the System Administrator access role, and those who are assigned
as owners of the application.

Field type: Sub-Form
Requirement: During the import process, the actual sub-form storing the data from the data import
must be active.

Field type: Text
Behaviors: This field is updated regardless of the content of your data import.

Field type: User/Groups List
Requirement: Users are identified using last_name, first_name, middle_name format. Groups are
identified by their name.
Behaviors: If there is more than one user or group with the same value (name), the first one (based
on the system ID) is used.
Multiple values are separated with the secondary delimiter specified on the first page of the Data
Import Wizard.
If you try to import a user or group that is not a valid selection among the User/Groups List field
values list, an error is reported.
If you import an empty value into the User/Groups List field, the field is empty in the new or
updated record, even if the field is configured with one or more default values.

Field type: Values List
Behaviors: If you import a value into a Values List field that is not included in the values list of
the field, the value is added to the values list.
If the values list is global, the imported value is displayed in the global values list for all
fields configured to use it.
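
A pre-import check for the format rules and side effects in the table above, as an added example that is not part of the guide or of RSA Archer; it reads the data file only and calls no Archer API. The schema layout, field names, and sample rows are constructed assumptions, as is the extra rejection of octets above 255.

```python
import re
from decimal import Decimal, InvalidOperation

# Four period-separated octets of one to three digits, the shape the guide requires.
IP_RE = re.compile(r"^[0-9]{1,3}(?:\.[0-9]{1,3}){3}$")

def parse_matrix(value):
    """Split 'Column, Row; Column, Row' into a list of (column, row) pairs."""
    pairs = []
    for chunk in value.split(";"):
        if not chunk.strip():
            continue  # tolerate a trailing semicolon
        parts = [p.strip() for p in chunk.split(",")]
        if len(parts) != 2 or not all(parts):
            raise ValueError(chunk.strip())
        pairs.append((parts[0], parts[1]))
    return pairs

def check_value(name, spec, value, values_delim="|"):
    """Return (severity, field, message) findings for one cell of the import file."""
    out, kind, value = [], spec["type"], value.strip()
    if kind == "record_permissions":
        if not value:
            out.append(("WARN", name, "empty value replaces the field defaults; only System "
                        "Administrators and application owners will have access"))
    elif not value:
        pass  # other empty cells are left to the wizard's required-field checks
    elif kind == "ip":
        # Assumption: octets above 255 are rejected too; the guide states only the shape.
        if not IP_RE.match(value) or any(int(o) > 255 for o in value.split(".")):
            out.append(("ERROR", name, "Invalid IP Address"))
    elif kind == "matrix":
        try:
            pairs = parse_matrix(value)
        except ValueError as exc:
            return [("ERROR", name, f"Invalid matrix format near '{exc}'")]
        for col, row in pairs:
            if col not in spec["columns"]:
                out.append(("WARN", name, f"column '{col}' will be added to the Matrix field"))
            if row not in spec["rows"]:
                out.append(("WARN", name, f"row '{row}' will be added to the Matrix field"))
    elif kind == "numeric":
        try:
            num = Decimal(value)
        except InvalidOperation:
            return [("ERROR", name, "Invalid number")]
        if not num.is_finite():
            out.append(("ERROR", name, "Invalid number"))
        elif num > spec["max"]:
            out.append(("ERROR", name, "Number is larger than maximum value"))
        elif num < spec["min"]:
            out.append(("ERROR", name, "Number is smaller than minimum value"))
        elif -num.as_tuple().exponent > spec["max_decimals"]:
            out.append(("WARN", name, "value will be rounded to the field's decimal places"))
    elif kind == "values_list":
        scope = "global values list" if spec.get("global") else "values list"
        for item in (v.strip() for v in value.split(values_delim)):
            if item and item not in spec["values"]:
                out.append(("WARN", name, f"'{item}' will be added to the {scope}"))
    return out

def validate(rows, schema):
    """Check every mapped field of every row; return (row_number, severity, field, message)."""
    findings = []
    for number, row in enumerate(rows, start=1):
        for name, spec in schema.items():
            for severity, field, message in check_value(name, spec, row.get(name, "")):
                findings.append((number, severity, field, message))
    return findings

# Constructed field definitions and rows for a hypothetical application.
SCHEMA = {
    "Asset IP": {"type": "ip"},
    "Ratings": {"type": "matrix", "rows": {"Low", "Medium", "High"},
                "columns": {"Maintenance Burden", "Portability", "Power Consumption"}},
    "Risk Score": {"type": "numeric", "min": 0, "max": 10, "max_decimals": 2},
    "Status": {"type": "values_list", "values": {"Implemented", "Not Implemented"},
               "global": True},
    "Record Permissions": {"type": "record_permissions"},
}
ROWS = [
    {"Asset IP": "1.160.10.240", "Ratings": "Maintenance Burden, Low; Portability, Medium",
     "Risk Score": "4.22", "Status": "Implemented", "Record Permissions": "Asset Owners"},
    {"Asset IP": "1.160.10", "Ratings": "Portability; Medium",
     "Risk Score": "12", "Status": "Implemented|Deferred", "Record Permissions": ""},
    {"Asset IP": "10.0.0.5", "Ratings": "Noise Level, Low",
     "Risk Score": "4.225", "Status": "Implemented", "Record Permissions": "Asset Owners"},
]

if __name__ == "__main__":
    for finding in validate(ROWS, SCHEMA):
        print(*finding, sep=" | ")
```

The ERROR findings use the error names from the wizard's troubleshooting table; the WARN findings are cases the import accepts but that change a values list, a Matrix field, or who can access the record.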

Supported field types for data imports


The following field types are supported for data imports.


Field Type
• Cross-Application Status Tracking (only available for import updates)
• Cross-Reference
• Date (unless the field is configured as a calculated field)
• External Links
• IP Address
• Matrix
• Numeric (unless the field is configured as a calculated field)
• Record Permissions (only if the field is configured to allow manual selection)
• Related Records
• Sub-Form
• Text (unless the field is configured as a calculated field)
• User/Groups List
• Values List (unless the field is configured as a calculated field)

Sub-Form Field Type
• Cross-Reference
• Date (unless the field is configured as a calculated field)
• IP Address
• Numeric (unless the field is configured as a calculated field)
• Text (unless the field is configured as a calculated field)
• User/Groups List
• Values List (unless the field is configured as a calculated field)


Unsupported field types for data import

• Access History
• Attachment
• Discussion
• First Published Date
• History Log
• Image
• Last Updated Date
• Multiple Reference Display Control
• Record Status
• Scheduler
• Tracking ID
• Voting

Preparing for Data Imports


Before you begin the data import process, examine both your external data file and the component
(application, questionnaire, or sub-form) into which your data will be imported to ensure the
following conditions are met.

Rules for delimited file formats

• The file is a delimited-values data file. Identify the primary and secondary delimiters used in your
data file prior to the data import.

• The import file is a flat file, delimited-values data file. A flat file contains all data in a single
table and does not include any hierarchical structure.

• Each row is equal to one record, and field values are separated in each record by a comma, tab,
or other designated character.

• If your file contains multiple values in individual fields, those values are separated with a
secondary delimiter, such as a semicolon or pipe (|).

• If your Field Delimiter is a character that appears in individual field values, for example, a
comma that separates text strings, the system reads those characters as delimiters and separates
the field data that comes before and after the commas into two separate field values. Do one of
the following to ensure that this does not occur:

    • Use single or double quotes to enclose field values in your data file, for example,
    "Server, Router". Characters enclosed in quotation marks are not interpreted as delimiters.

    • Choose Field and Values Delimiters for your data file that do not occur anywhere in your field
    values. The pipe (|) and circumflex accent (^) characters are good examples of uncommon
    characters that work well as delimiters.

• The application contains all necessary fields before you begin the import process. Importing data
into an application copies data from an import file into existing fields, but does not create any new
fields.

• The fields from your external data file match the fields in the application. The system
automatically maps import fields to application fields when they have the same name.

• All fields from your external data file that will be mapped to a required field include a value for
that required field.

• The import file has a consistent format for date and time values. Note the separator that is used
between the date and time values and between the time and the AM/PM designation.

Rules for importing into leveled applications

• If you are importing data into a leveled application, create a separate external data file for each
level. You import the data of each level separately, starting with the top data level.

• If you are importing data into an application that contains a sub-form, create a separate external
data file for your application records and your sub-form entries.

• You must import application records and sub-form entries separately.

• The sub-form data file must contain unique field values from the application records, such as
Tracking ID values, so the sub-form entries can be appropriately mapped to the application
records where they will reside.

Important: If you are importing data that uses a double-byte character set, such as Japanese, the
alias of each field must be set to a single-byte character set, such as English.
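
The delimiter and leveled-file rules above can be checked before the wizard is opened. The following added example (not from the guide, and using no Archer API) parses a file with the chosen field delimiter and quote setting, reports rows split by an unquoted delimiter, and confirms that each lower-level row points at exactly one parent record. The file contents and the "Policy ID" identifier field are constructed assumptions.

```python
import csv
import io
from collections import Counter

def read_delimited(text, field_delim=",", quote=None):
    """Parse import-file text into (header, rows, problems).

    quote is the field-value quote character selected for the import ('"' or "'"),
    or None when the file is treated as unquoted.
    """
    if quote:
        reader = csv.reader(io.StringIO(text), delimiter=field_delim, quotechar=quote)
    else:
        reader = csv.reader(io.StringIO(text), delimiter=field_delim, quoting=csv.QUOTE_NONE)
    header, rows, problems = None, [], []
    for fields in reader:
        if not fields:
            continue  # skip blank lines
        if header is None:
            header = fields
        elif len(fields) != len(header):
            problems.append((reader.line_num,
                             f"{len(fields)} values for {len(header)} columns: "
                             "field delimiter inside an unquoted value?"))
        else:
            rows.append(dict(zip(header, fields)))
    return header, rows, problems

def check_parent_links(parent_rows, child_rows, key):
    """Each lower-level row must reference exactly one upper-level record through key."""
    counts = Counter(row[key] for row in parent_rows)
    issues = [f"parent {key} {value!r} is not unique ({n} records)"
              for value, n in counts.items() if n > 1]
    for number, row in enumerate(child_rows, start=1):
        ref = row.get(key, "")
        if counts[ref] == 0:
            issues.append(f"child row {number}: no parent record with {key} = {ref!r}")
    return issues

# Constructed level-1 and level-2 files; "Policy ID" stands in for the unique level-1 field.
LEVEL1 = (
    "Policy ID,Policy Name\n"
    "1001,Access Control\n"
    "1002,Asset Management\n"
    "1002,Asset Management (copy)\n"
)
LEVEL2 = (
    "Policy ID,Section Name,Applies To\n"
    '1001,Passwords,"Server, Router"\n'
    "1002,Inventory,Server\n"
    "1003,Disposal,Router\n"
)

if __name__ == "__main__":
    # Same file, two quote settings: without quote handling, line 2 splits into four values.
    print(read_delimited(LEVEL2)[2])
    print(read_delimited(LEVEL2, quote='"')[2])
    parents = read_delimited(LEVEL1)[1]
    children = read_delimited(LEVEL2, quote='"')[1]
    for issue in check_parent_links(parents, children, "Policy ID"):
        print(issue)
```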

Step 1: Enable end users to perform data imports


You must have rights to the Access Control feature. If you do not, contact your RSA Archer GRC
administrator.


1. Go to the Navigation Menu tab of the application that you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

c. Select the application.

d. Click the Navigation Menu tab.

2. Select the Show Item check box next to the menu item you want to appear.

3. Click Save.

4. Go to the Rights tab of the Access Roles you want to update.

a. From the menu bar, click .

b. Under Access Control, click Access Roles.

c. Select the access role.

d. Click the Rights tab.

5. From the Application list, select the application that you just configured to display the Data
Import link in the Navigation Menu.

6. On the application Data Import page, select Read, Create, and Update.
Important: You must also grant access rights to the solution, for example, Policies. The access
role must include Create, Read, and Update rights to the Content Record and Data Import, for
example, Policies: Content Record and Policies: Data Import.

7. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Step 2: Create and export a source file


Create separate source files by exporting data from the leveled application that contains the data that
you want to import.


1. Open the leveled application into which you want to import data.

2. Run an advanced search for level-1 fields.

3. Export the results and then save to a location on your local drive.

4. From the same application, run another advanced search and select the following:

• Level-2 fields

• A field from the first data level to include in your search results. This associates your level-2
records with your level-1 records. Values for the level-1 field must be unique for each record.

5. Export the results and save to a location on your local drive.

Importing Data Via the Data Import Wizard


After you have prepared your external data file and your application, questionnaire, or sub-form for
data import, you can begin the import process using the Data Import Wizard. The wizard asks you to
select your data file, configure import options, and map import data to application fields.

Step 1: Access the data import wizard

1. Go to the Manage Data Imports page.

a. From the menu bar, click .

b. Under Integration, click Data Imports.

2. Select the application, questionnaire, or sub-form to which you are importing data.

Step 2: Select the data file and import options

1. Go to the Manage Data Imports Page.

a. From the menu bar, click .

b. Under Integration, click Data Imports.

2. Select the Data Import you want to view.


3. In the Import File field, do one of the following:

• Enter the source file name.

• Click Browse to select the source file.

a. Click Add New.

b. Select the file you wish to import.

c. Click OK.

Note: If you make changes to the source file after uploading it to the Data Import Wizard, you
must upload the file again before initiating the data validation and import process.

4. In the Format Options section, select the field and values delimiters.

• If the field delimiter for your import file is a character other than a comma or a tab, enter the
correct character in the Other field.

• If the values delimiter for your import file is a character other than a semicolon or pipe (|),
enter the correct character in the Other field.

5. In the Locale field, select the locale language of the input file.

6. In the Header Row field, do one of the following:

• If the first row of data in your file contains field names instead of actual record data, select
File Contains Header Row.

• If the first row of data in your file contains actual record data, select File Does Not Contain
Header Row.

7. In the HTML Formatting field, indicate whether fields in your data file contain HTML
formatting.

8. In the Advanced Options section, complete the fields for specifying advanced import options,
including whether your data fields contain field value quotes and whether to send a notification
for each record created and updated after the import process has completed.


Question: Are any field values quoted in your data file?
Available options: If yes, select the double quotes or single quotes option. If you have none,
then select none.

Question: Should imported records be allowed to trigger notifications?
Available options: If notifications are enabled for the application into which you are importing
data, you can select to send notifications for your imported records.
If you are importing a large number of records, triggering a notification email for each record may
produce a heavy load on the email accounts of users who are subscribed to a notification template
for the application.

Question: Should invalid cross references be imported?
Available options: If you select Import Invalid Cross References, records that contain invalid
cross-reference values are imported, but the invalid values are not.
If you select Do Not Import Invalid Cross-References, each of the cross-references in the record is
validated. If any are found to be invalid, the Data Import Wizard reports errors after the
Validating Records import stage and prevents you from completing the data import.

Question: How should existing references be handled?
Available options: If you select to replace existing cross-reference values, the existing data in
the application is replaced with the data from the import file. Data existing prior to the import
process is removed.
If you select to append cross-referenced data, the system leaves all existing values in the record
intact and adds new cross-reference values from the data file to the records.

9. Click Next.

Step 3: Select unique record identifiers


The steps for selecting unique record identifiers vary depending on the type of data import you are
performing.


1. Begin on the Step 2 - Identification page of the Data Import Wizard.

2. In the General Information section, select one of the following options:

Import New Records: If you are importing new records, existing records in your application remain
unchanged. The new records are added to the existing population of records in the application.

Update Existing Records: If you are updating existing records, the system examines them. When there
is a match between a record in your application and a record in your external data file, the
existing record is updated with the imported record. If your external data file contains records
that do not match any records in your application (according to the unique record identifier that
you specify), those unmatched records are added as new records in your application.

3. If you are updating existing records with your data import, do the following:

a. In Application Field(s), click .

b. Select one or more fields whose values serve as the unique record identifier.
This allows the Data Import Wizard to match records in your external data file with records
in the application, questionnaire, or sub-form.

Step 4: Map import data to application fields

1. Begin on the Step 2 - Identification page of the Data Import Wizard.

2. In the Import Type field of the General Information section, select the file type.

3. (Optional) In the Application Field(s) select the fields for update.

4. In the Import Fields Mapping section, do one or more of the following:

• To map imported fields, select the corresponding field in the Application Fields drop-down.

• To specify not to import one or more columns of data from your import file, select Do Not
Import from the corresponding columns in the Data Import Wizard.

• To update existing records or to import sub-form entries, map the field that you selected as a
unique identifier to the appropriate field in the field mapping grid.

5. (Optional) If you have mapped a Date field in the import file to a Date field in the application,
specify the format for date and time values in the import file.

6. Click Next.


Step 5: Initiate data validation and import

1. Review the Data Import Wizard Settings.

2. Make any necessary corrections and begin the import process again (starting on the first page of
the Data Import Wizard).

3. Click Import.
Important: Do not close this window or log off from the system during this stage of the import
process. Doing so causes adverse results.

4. (Optional) If additional errors are found, go back and correct them as necessary and click Import
again.

5. When the import is completed successfully, click Continue.

Reviewing Job Queues


Complete this task to view the Review Job Queues page, which lists the current status of data
imports for RSA Archer GRC.

Review job queues


1. Do one of the following to navigate to the Review Job Queues page:

As RSA Archer GRC Administrator:

a. From the menu bar, click .
b. Under Integration, click Review Job Queues.

As End User:

a. From the menu strip in the top frame, click Preferences.
b. Click View Your Data Import History.

2. Locate the data import that you want to view.

3. Click to display the Run Detail dialog box for that data import.

Troubleshooting Data Imports


RSA Archer GRC validates the imported data and reports any errors. If errors are found, RSA
Archer GRC terminates the import process. You must correct the errors in your data file before
attempting the data import again (starting on the first page of the Data Import Wizard). The Wizard
can report up to 100 errors. If your data file contains more than 100 errors, they are not all reported.


Error Description Resolution

All unique If you are importing new sub-form records, you Verify that the unique
identifiers must map the fields that you selected to serve as identifiers are correctly
must be the application unique identifier to the mapped.
mapped for corresponding fields in the field mapping grid.
insert

All unique If you are updating existing master or sub-form Verify that the unique identifier
identifiers records, you must map the field that you selected is accurately mapped.
must be to serve as the application's unique identifier to
mapped for the corresponding field in the field mapping grid.
update.

Column Your external data file contains a value that does Change the value in your data
mismatch not match the data type of the field to which the file to match the data type
value is mapped. required by the field to which
you are mapping the value.

Could not Occurs if your external data file contains a group Do one of the following:
locate group value that is not a group value established in the
l Change the group value in
name system.
your data file so that it
matches a group in the
system

l Add the group from your data


file to the system from the
Manage Groups page in the
Access Control feature.

Date does Your external data file contains a date that does Reformat the date value so that
not match not match the date format that you have specified it matches the format that you
expected for the import. selected in the Data Import
format Wizard.

Field is Your external data file is missing one or more Enter the required values in
required values for a required field. your import file or change the
field in your application so it is
no longer a required field.

Chapter 14: Data Integration 766


RSA Archer GRC Administrator Guide

Error Description Resolution

Field Your external data file is missing a value for a Enter the required value in your
requires a Values List field that requires a selected value. data file or change the field in
selected your application so that it no
value longer requires a certain
number of value selections.

Imported Occurs if you are importing sub-form data, and Select a unique field value from
subform the field from the parent record that you selected the parent record to serve as the
record as the unique identifier contains non-unique data. application unique record
cannot have identifier.
multiple
parents

Invalid IP Your external data file contains a value for an IP Reformat the value.
Address Address field that is not correctly formatted.

Invalid key Occurs if you are updating records with a Cross- Ensure that the identifiers are
(s) for cross Application Status Tracking (CAST) field and do valid and unique.
application not specify valid, unique identifiers for the
status field parent-application and child-application records
for associated with the CAST field.
application

Invalid Your external data file contains a value for a Reformat the value correctly.
matrix Matrix field that is not formatted correctly.
format

Invalid Occurs if you are importing a value into a Change the value in your
number Numeric field that contains alphabetic external data file so it contains
characters. only numeric characters.

Invalid Occurs if you are doing an import update, and the Change the value in your data
tracking ID Tracking ID field in your external data file file so that it is a valid, unique
contains a value that is not a valid tracking ID for tracking ID for the import
the application into which you are importing. The application.
tracking ID value may not exist in the system, or
it may be a valid tracking ID for another
application.

Chapter 14: Data Integration 767


RSA Archer GRC Administrator Guide

Error Description Resolution

Error: Multiple columns are mapped to the same field
Description: Occurs if more than one field from your data import file is mapped to the same application field. If you are performing a sub-form data import, a field from your data import file may be mapped to the same field as the parent record.
Resolution: Ensure that your application fields are mapped to different fields and that the import data fields are mapped to the sub-form fields.

Error: Number is larger than maximum value
Description: Occurs if you are importing a value into a Numeric field that is above the maximum value allowed for the field.
Resolution: Examine the Numeric field in your application to determine the maximum value it allows and change the value in your data file to fall at or below that maximum value.

Error: Number is smaller than minimum value
Description: Occurs if you are importing a value into a Numeric field that is below the minimum value allowed for the field.
Resolution: Examine the Numeric field in your application to determine the minimum value it allows and change the value in your data file to fall at or above that minimum value.

Error: Too many cross references
Description: This error can occur:
• If a record in your external data file contains more values for a Cross-Reference field than the maximum number of value selections that field allows.
• If the key field for the cross-referenced application is not unique and your Cross-Reference field maps to one of the non-unique values.
Resolution:
• Examine the Cross-Reference field in your application to determine how many values can be selected for the field, and reduce the number of values in your data file so that they fit within that limit.
• Verify that the key field of the cross-referenced application is unique.

Error: Unsupported import type
Description: Occurs if you are importing new records and attempt to import data into a Tracking ID field.
Resolution: Select Do Not Import from the list for the Tracking ID field in the field mapping grid.


Error: Unsupported link type
Description: Occurs if you are updating records with your data import and you select a field type for the key field that cannot serve as the key field for a record. Examples of field types that cannot serve as the key field for a record include:
• First Published Date
• Last Updated Date
• Record Status
• Related Records
Resolution: Select a field type for the key field that can serve as the key field for a record.

Data Feeds
Data Feed Manager is a flexible, code-free tool for aggregating data in RSA Archer GRC. Use the
tool to:
• Configure multiple, dynamic data feeds, and manage those feeds without relying on programming
  resources.
• Build and configure dynamic integrations with external enterprise systems and files. From Data
  Feed Manager, you can build a transport path between RSA Archer GRC and an external source
  and then map the data from that source to an existing target application or questionnaire in RSA
  Archer GRC.
• Configure the data feed to run on a schedule. After the initial configuration, the data feed
  executes automatically with no need for you to intervene.

You can integrate data using Data Feed Manager for:
• Network and asset discovery data
• Vulnerability scan results
• Performance scorecards
• Incident reports
• Audit results and recommendations


Because RSA Archer GRC is vendor neutral and content independent, you can use RSA Archer
GRC as a point of consolidation for enterprise data of any type for supporting analysis and process
management. With a centralized view of data from point solutions, databases, spreadsheets, and
other sources, you can more easily access content that is relevant to your job functions. Re-purpose
data to support a variety of business processes.

Important: Before you begin a new integration project with Data Feed Manager, visit the RSA
Archer GRC Community on RSA Link. In the Integrations category, you can review prebuilt
integration packages from RSA Archer GRC and third-party providers such as Qualys, nCircle, and
Sendmail.

A data feed must be both active and valid to run. As you configure your data feed, Data Feed
Manager validates the information for you. If it is not valid, an error message appears. You can save
the data feed and correct the errors later. However, the data feed does not process until you have
corrected the errors and the data feed validates.

Data feed types

Important: To avoid potential conflicts with other data feeds, RSA suggests that you use a different
user account for each data feed. Additionally, if you plan to run multiple data feeds simultaneously,
create a unique name to prevent termination of session tokens.

Data Feed Manager supports standard and transport data feeds.


Feed Type: Standard
Description: Brings data from an external source into an application or questionnaire. This data feed type requires that you define the fields, data format, and map the fields to the target in the source file, in addition to the following:
• A report-based search for an application or questionnaire that contains the source data that you want to import into another application or questionnaire.
• A user account set up as a Service account, which means this user account has all necessary permissions to execute the data feed.
You can specify the following:
• Whether to send subscription notifications to specified users or groups when records are modified.
• Whether to send a notification to specified users or groups when a data feed job completes, identifying a successful or failed completion.
• The locale format of your source data, for example, different characters might be used to indicate a decimal place.

Feed Type: Transport Only
Description: Locates a separate data file that contains additional instructions for launching subsequent, standard data feeds.
• Requires a user account for the data feed and a target path for the separate data file, but no additional data configuration.
• To simultaneously run multiple data feeds, create a unique name to prevent termination of session tokens.

Data feed transporter types


The Data Feed Service (DFS) architecture accommodates the definition of various data retrieval
mechanisms. The following table describes the out-of-the-box transporters.

Transporter: Archer Web Services
Description: Accesses the Web Services API and retrieves data from an instance of RSA Archer GRC. This transporter is used in Archer-to-Archer data feeds.


Transporter: Database Query
Description: Returns results using an SQL query.

Transporter: DeepSight 2.0
Description: Uses the v2 Symantec web service to retrieve malicious code and vulnerabilities threat feed data. This transporter will soon become unusable because of deprecation by Symantec. For DeepSight v4 data feeds that are available on the RSA Archer GRC Community on RSA Link, use the DeepSight 4.0 transporter.

Transporter: DeepSight 4.0
Description: Uses the v4 Symantec web service to retrieve security risk and vulnerability SCAP data feeds.

Transporter: File
Description: Retrieves delimited data files, including support for multi-file manifests.

Transporter: FTP
Description: Retrieves data files using the FTP protocol.

Transporter: HTTP
Description: Executes a GET or POST to retrieve data from an HTTP or HTTPS site.

Transporter: iDefense
Description: Retrieves malicious code, vulnerabilities, and geopolitical threat feed data.

Transporter: Mail Monitor
Description: Retrieves content from monitored email accounts.

Transporter: RSS
Description: Retrieves records from a configured RSS feed.

Supported and unsupported field types for data mapping

Supported Field Types:
• Attachment
• CAST Detail
• Cross-Reference
• Date
• External Links
• Image
• Internal Reference
• IP Address
• Matrix
• Numeric
• Record Permissions
• Related Records
• Sub-Form
• Text
• User/Groups List
• Values List

Unsupported Field Types:
• Access History
• CAST Score Card
• Discussion
• First Published Date
• History Log
• Last Updated Date
• MRDC (Must be populated through reference fields.)
• Record Status
• Voting

Schema sources
The source for the schema of your data feed depends on which transporter you are using. The
following list identifies and describes the schema sources that are available for each of the out-of-
the-box transporters.

Source: Execute Search
Description: Executes the search in RSA Archer GRC and detects the source schema from the results. Recommended approach for an Archer-to-Archer data feed. Loads the source fields directly from the report. When using this scheme, complete all required information on the Transport and Navigation tabs.

Source: Execute Query
Description: Executes the query specified on the Transport tab and detects the source schema from the resulting record set. Using this option may trigger actions in the database associated with this query.

Source: Sample File
Description: Uses a skeleton of your actual source data file. For example, if you are importing data from a .csv file, the source data file is a .csv file that includes the column names from your source data. If you are importing data from an .XML file, the source data file includes the structure of your .XML without the actual field values. When you select the sample file, the Source Fields section populates with the fields specified in the sample data file. For the Archer Web Services Transporter, select a file from an external location that contains the data in the same format as the report format.


Source: Load URL
Description: Loads the contents at the target URL and detects the source schema from the contents. Using this option may trigger actions associated with accessing the target URL.

Source: Standard Schema
Description: Uses the standard mail schema.

Unique Identifiers
A unique identifier is a field, or a combination of fields, whose values in individual records are
different from all other records, thereby uniquely identifying the record. A compound unique
identifier means that all fields in the key must match the fields in the target application in order for a
match to occur.
By establishing a unique identifier, you instruct the Data Feed Manager on how to update existing
data in the application or questionnaire from the matching source data. After setting the order of the
key fields, the Data Feed Manager scans the data source for matches to each unique key in the
specified order. If any key is found to match the field in the target application, then the record is
considered matched. If no match is found, the Data Feed Manager creates a new target application
or questionnaire record.
For example, you can select an IP Address field in a record to be your unique identifier. If a data
source record has a matching value for the target application field, the source record data updates
the target application record data. If no match is found, the data feed creates a new application
record.

Note: Matching logic includes text formatting when matching the key fields in the data feed source
to a record in the RSA Archer GRC database. When a data feed has two records with the same text,
but with different formatting tags, the records are distinguished as separate records.

Fields that act as unique identifiers for your data feed do not have to be the same as the key fields
for your target applications or questionnaires. The following table lists the field types from a target
application or questionnaire that can be selected as unique identifiers.

Text-Based Field Types:
• Text
• Numeric
• Date
• IP Address
• Tracking ID ("System ID" only)

List-Based Field Types:
• Values Lists
• Record Permission
• User Groups
• Sub-form Fields


Note: You can only use the Tracking ID field as a key field if it is configured as System ID. If
configured as Application ID, it is not available for use as a key field.

When selecting cross-reference or related records fields as unique identifiers, you must select a
field from the related application matching one of the above field types. For example, if you select
the Vulnerabilities cross-reference field, which cross-references the Vulnerabilities application, in
an Assets application, you also select a qualifying field from the Vulnerabilities application to serve
as a unique identifier.

Matching criteria for unique identifiers

Option: MatchExact
Description: Specifies that the data source field must match the unique identifier value exactly for the target record to be updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones" and a mapped application field that is specified as a unique identifier has a value of "Renee Ellen Jones," the target application record is not updated because it is not an exact match.

Option: MatchAny
Description: Specifies that the source data must match at least one condition in the list-based field for the target record to be updated.
For example, if a target application record has the values Blue and Green selected in the field specified as the unique identifier, and the mapped field in the source data includes only the value Blue, the record is updated because at least one of the values matches.

Option: MatchAll
Description: Specifies that the source data must match all of the conditions in the list-based field for the target record to be updated.
For example, if the target application record has the values Blue and Green selected in the field specified as the unique identifier, and the mapped field in the source data includes the values Blue and Green, the record is updated. However, if the source data includes only the value Blue, the record is not updated. A new target application record is created instead because there is not a complete match.
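
The unique-identifier rules above (ordered keys, compound keys, the three matching options, and the note on formatting tags) can be checked against sample data with a small model. The following Python is an added example, not RSA Archer code: the field names and records are constructed, and its handling of MatchAll when the source carries extra values is an assumption, because the guide does not cover that case.

```python
from dataclasses import dataclass

MATCH_EXACT, MATCH_ANY, MATCH_ALL = "MatchExact", "MatchAny", "MatchAll"


@dataclass(frozen=True)
class KeyField:
    """One field of a unique identifier plus its matching option."""
    name: str
    option: str = MATCH_EXACT


def field_matches(option, source_value, target_value):
    """Apply one matching option to a source value and a target value."""
    if source_value is None or target_value is None:
        return False
    if option == MATCH_EXACT:
        # Raw comparison: formatting tags are part of the value, so
        # "<b>web01</b>" and "web01" identify different records.
        return source_value == target_value
    source, target = set(source_value), set(target_value)
    if option == MATCH_ANY:
        return bool(source & target)
    if option == MATCH_ALL:
        # Assumption: source values beyond the target's selections do not
        # prevent a match; the guide only covers the equal and missing cases.
        return bool(target) and target <= source
    raise ValueError(f"unknown matching option: {option}")


def key_matches(key, source_row, target_record):
    """A compound key matches only when every one of its fields matches."""
    return all(
        field_matches(f.option, source_row.get(f.name), target_record.get(f.name))
        for f in key
    )


def resolve(source_row, target_records, ordered_keys):
    """Return ("update", index) for the first matching key, else ("create", None)."""
    for key in ordered_keys:  # keys are tried in their configured order
        for index, record in enumerate(target_records):
            if key_matches(key, source_row, record):
                return "update", index
    return "create", None


def run_feed(source_rows, target_records, ordered_keys):
    """Apply each source row to a copy of the target; return (actions, records)."""
    records = [dict(r) for r in target_records]
    actions = []
    for row in source_rows:
        action, index = resolve(row, records, ordered_keys)
        if action == "update":
            records[index].update(row)
        else:
            records.append(dict(row))
        actions.append(action)
    return actions, records


# Constructed sample data: field names and values are illustrative only.
TARGET = [{
    "Host Name": "web01",
    "IP Address": "10.0.0.5",
    "Owner": "Renee Ellen Jones",
    "Colors": ["Blue", "Green"],
}]
BY_HOST = [(KeyField("Host Name"),)]
BY_OWNER = [(KeyField("Owner"),)]
BY_COLORS_ANY = [(KeyField("Colors", MATCH_ANY),)]
BY_COLORS_ALL = [(KeyField("Colors", MATCH_ALL),)]
BY_IP_AND_OWNER = [(KeyField("IP Address"), KeyField("Owner"))]  # compound key
BY_IP_THEN_COLORS = [(KeyField("IP Address"),), (KeyField("Colors", MATCH_ANY),)]

if __name__ == "__main__":
    feed = [
        {"Host Name": "web01", "Owner": "R. Jones"},         # matches web01
        {"Host Name": "<b>web01</b>", "Owner": "R. Jones"},  # same text, tagged
    ]
    actions, records = run_feed(feed, TARGET, BY_HOST)
    print(actions, len(records))
```

A source whose key values arrive with formatting tags creates duplicates on every run instead of updating, so a growing record count after a feed change is worth comparing against the Run Detail report's created and updated totals.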

Generating the Run Detail Report


The Detail report includes the specifics of the data feed run, including the number of target, sub-form,
and child records that were created, updated, or deleted, and the number of failures for each.


Generate the detail report for a data feed

1. Go to the Schedule tab of the data feed that has already been run.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. In the Immediate Processing section, click Run Detail.

3. Review the report.

4. Click OK to close the report.

Running Data Feeds Now


The Run Data Feed Now option only runs the current data feed. This option does not force a data
feed referenced in another feed to run immediately.

Run the data feed now

1. Go to the Schedule tab of the data feed that you want to run.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. In the Run Data Feed Now section, click Start.

Viewing the Execution History for Data Feeds


The Execution History page contains the following information:
• Name of the data feed
• Description of the data feed, if one has been provided
• Status of the data feed
• Start date and time of the data feed
• Date and time the data feed last completed an update
• Number of source rows processed

View the execution history of a data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Locate the data feed for which you want to view the Execution History.

3. Under the Actions column, click Report.

Archer-to-Archer Data Feeds


An Archer-to-Archer data feed provides the ability to pull data from one instance to another through
a report-based search. The source data is inserted in its raw or formatted state back into the same
application, a different application in the same instance, or an application in a different instance.
An Archer-to-Archer data feed uses the Archer Web Services Transporter. The Archer Web
Services Transporter accesses the RSA Archer Web Services API and retrieves data from the
specified instance or another instance of RSA Archer GRC. The user account running the search in
the API must have at least Read access to the report being used and the application. Record
permissions are evaluated as well, and could limit the source data retrieved from the application.
Report-based data feeds can use either the report ID or the report GUID during configuration.
Do not run the Archer-to-Archer data feed with the same account with which you are logged in. If
you use the same credentials, you will be logged out of your session in RSA Archer GRC.
For report-based data feeds, create a Global Report and click Apply in the source application.
Ensure that content exists for every field in the source application from which you want to import
data. If a field in the source application is empty, it will not be available for you to select in the data
feed. Use the report GUID when working with the data feed before closing the report.

Archer Web Services Transporter


The Archer Web Services Transporter must be configured with the same authentication method as
configured in Microsoft Internet Information Services (IIS) on the web server. If you do not know
the Microsoft IIS configurations, contact your system administrator before continuing.


Guidelines for designating the security credentials

• If IIS is configured for Anonymous authentication, use the Anonymous/Service Account User
  option. When IIS is set to Anonymous authentication, the user account credentials are not sent
  with the data feed request.
• If IIS is configured for Windows Integrated authentication, use either Anonymous/Service
  Account User or Specific.
• If credentials are set to Anonymous/Service Account User, the service account running the
  asynchronous job is sent with the data feed request.
• If credentials are set to Specific, the specified Windows account credentials are sent with the
  data feed request.

You must also define the transport configuration for this transporter. The Web API uses the
following search types for processing data of a data feed:

Search Type: Report ID
Description: Retrieves data using the search report GUID or ID, which is provided in the search results for the report.

Search Type: Search XML
Description: Retrieves data using the module ID and a configuration string. This information is obtained by running an XML search using an API call.

Search Type: Statistic Report ID
Description: Retrieves data using the search statistical report GUID or ID, which is provided in the search results for the statistical report.

Additionally, a data feed can access the source data through a proxy server and can handle post-
processing of the local copy of the source data.

Use the following tasks to add an Archer-to-Archer data feed:


• Adding Archer-to-Archer Standard Data Feeds
• Adding Archer-to-Archer Transport Only Data Feeds

Adding Archer-to-Archer Standard Data Feeds

Step 1: Add a standard data feed

1. Go to the Manage Data Feeds page.


a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.
• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
  a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.
• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

Option: Send Notifications
Description: Select whether to have the data feed trigger notification emails when records are published or updated. If notifications are not enabled in the selected target application, no notification emails are sent when the data feed runs.

Option: Send Job Status Notifications
Description: Select whether to have job status notifications sent to selected users or groups. You can also select email addresses to receive job status notifications. If selected, job status notifications are sent showing whether a job succeeded or failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.


Option: Locale
Description: Specifies the country (language) format of your source data. Different cultures or countries use different characters when formatting similar data.

Option: Data Validation
Description: Determines whether RSA Archer GRC performs data validations against the selected target application when saving a record. Selecting this option bypasses validation that is based on field definition and configuration (with some exceptions). This option applies regardless of whether you are targeting a questionnaire or application.
RSA Archer GRC validates the following items regardless of whether this field is selected:
• Attachment or image field - Validity of the file.
• Date/Time field - Minimum and maximum system values.
• Text field - Contains valid HTML.
• Field name - Uniqueness.
The required field settings are disregarded if you select to ignore the rules defined within the target application. However, the unique selection cannot be ignored.

10. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. In the Transport Method field, select Archer Web Services Transporter.

3. In the Security section, do one of the following:

• Specify whether the current instance is set up for anonymous authentication.
• Specify whether the current instance uses Windows Authentication and enter the specific
  credentials.


4. In Search Type, click Report ID or Statistics Report ID.

Note: If you want to use a data feed that was created in RSA Archer GRC 4.x, you must run an
XML Record Search, and select Search XML as the Search Type. For information on the XML
Search feature, see the Running an XML Record Search for an Archer-to-Archer Data Feed
topic in the RSA Archer GRC Online Documentation.

5. In the Report or Statistics Report field, enter the report ID.

6. Do one of the following:

• To run the report with Windows credentials, select the Use Windows Authentication option.
  Single Sign-On (SSO) must be configured to use this option.
• To run the report by a specific user, enter the credentials of the account that will be running
  the report in User Name and Password.

Note: Use the account that has access role rights to the search.asmx page. The account should
also be an application owner with full access permissions to the content of the applications. Do
not use the same account that you used to log on.

7. (Optional) In the Domain field, enter the name of the domain to be searched against.

8. In the Instance field, enter the instance name for the instance to be searched against. Use the
instance name and not the PIN.

9. (Optional) In the Proxy section, enter the credentials of the proxy server if the data feed
accesses the source data through a proxy server.

Option: No Proxy
Description: Indicates that the data feed does not pass through a proxy.

Option: Use System Proxy
Description: Indicates that the Data Feed Service runs the feed with the proxy configuration that is set up in the Control Panel.

Option: Configure Proxy
Description: Indicates that the data feed must pass through a proxy. Continue with providing the parameters for accessing the proxy.

10. (Optional) In the Post-Processing - Local Copy section, define the post-processing rules if the
data feed handles post-processing of the local copy of the source data.
To perform post-processing on the source file retrieved, in the Post-Processing - Local Copy
section, determine how the data feed should handle the local copy of the source data when the
integration is complete. In the On Success field, select from the following options.

Option: Nothing
Description: Does not alter the source file when the data feed successfully completes. If there is a local copy of the source information, the local copy is deleted.


Option: Rename
Description: Saves the source file under a new name when the data feed successfully completes. In Destination File, specify where the file should be saved and the new name for the file.
To save the data, the path of the destination file must be accessible to the account running the Job Engine service.
If you select this option, use filename tokens for specifying the location or name of the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source information and specify a location or name for the file. When you select the Rename option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files. Each token enables the Data Feed Manager to:
• Now: Insert a user-defined date format within the new filename. Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center for available custom date/time formats.
• DataFileDirectoryName: Update the filename with the directory name, including the drive, of your file.
• DataFileName: Insert the original filename, excluding the directory name and extension.
• DataFileExtension: Insert the file extension, such as .csv, in the new filename.
• DataFileFullName: Insert the fully qualified filename. This data includes the drive, directory, filename, and extension of the original file.

For example, if the data file came from the following location, C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed using tokens would have the following output.


Example 1
Input Tokens: {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output: C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2
Input Tokens: \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output: \\DFSRepository\2008\01\ThreatData_success.csv

11. Click Apply.
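
The filename tokens described for the Rename option above can be previewed before a feed writes files under the Job Engine service account. The following Python is an added example, not RSA Archer code: it supports only the date specifiers listed in its table (an assumption; .NET defines more), and it treats {DataFileExtension} as the extension without its dot, as the guide's two examples imply. It also reports Now(...) formats, such as MM/dd/yyyy, whose output contains path-separator characters.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

_MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
_SPEC_RUN = re.compile(r"([A-Za-z])\1*")               # "MM", "yyyy", ...
_TOKEN = re.compile(r"\{(\w+)(?:\(([^(){}]*)\))?\}")   # {Name} or {Now(format)}

# Constructed inputs that mirror the guide's worked examples.
SAMPLE_FILE = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
SAMPLE_NOW = datetime(2008, 1, 31)
EXAMPLE_1 = (r"{DataFileDirectoryName}\success\{DataFileName}"
             r"_{Now(MM.dd.yyyy)}.{DataFileExtension}")
EXAMPLE_2 = (r"\\DFSRepository\{Now(yyyy)}\{Now(MM)}"
             r"\{DataFileName}_success.{DataFileExtension}")


def format_now(fmt, now):
    """Render the subset of .NET custom date specifiers this example supports."""
    values = {
        "yyyy": f"{now.year:04d}", "MMM": _MONTHS[now.month - 1],
        "MM": f"{now.month:02d}", "dd": f"{now.day:02d}",
        "HH": f"{now.hour:02d}", "mm": f"{now.minute:02d}",
        "ss": f"{now.second:02d}",
    }

    def render(match):
        spec = match.group(0)
        if spec not in values:
            raise ValueError(f"unsupported date specifier: {spec!r}")
        return values[spec]

    # Punctuation between specifiers is copied through unchanged.
    return _SPEC_RUN.sub(render, fmt)


def expand(template, data_file, now):
    """Expand the filename tokens in template for the original data file."""
    path = PureWindowsPath(data_file)
    fields = {
        "DataFileDirectoryName": str(path.parent),   # drive and directory
        "DataFileName": path.stem,                   # no directory, no extension
        # The guide's examples put the "." in the template, so none here.
        "DataFileExtension": path.suffix.lstrip("."),
        "DataFileFullName": str(path),
    }

    def render(match):
        name, argument = match.group(1), match.group(2)
        if name == "Now" and argument is not None:
            return format_now(argument, now)
        if name in fields and argument is None:
            return fields[name]
        raise ValueError(f"unknown token: {match.group(0)}")

    return _TOKEN.sub(render, template)


def now_formats_with_separators(template, now):
    """List Now(...) formats whose output contains a slash, backslash or colon."""
    return [
        fmt for name, fmt in _TOKEN.findall(template)
        if name == "Now" and re.search(r"[\\/:]", format_now(fmt, now))
    ]


if __name__ == "__main__":
    for template in (EXAMPLE_1, EXAMPLE_2):
        print(expand(template, SAMPLE_FILE, SAMPLE_NOW))
    risky = r"{DataFileName}_{Now(MM/dd/yyyy)}.{DataFileExtension}"
    print(now_formats_with_separators(risky, SAMPLE_NOW))
```

How the product itself treats a date format that yields slashes is not stated in the guide, so confirm the resulting destination path on a test feed before relying on it.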

Step 3: Define the XML format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.

3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.


Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix "XML Formatting Used in Field
Results and Input" in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.
• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

• Import the data "as is" into RSA Archer GRC or execute modifications and calculations against
  the data to convert the incoming data into a format that matches the requirements of the
  application or questionnaire it is imported into. Use several advanced options, such as lookup
  translations and calculations, to prepare and modify the data to meet your individual business
  needs.
• Filter data so that only what you want to receive is imported into the target application or
  questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
  return all records in the data feed. Use operator logic to add filters to include only records
  meeting certain criteria in the data feed process.
• Capture tokens of data from the last execution of a data feed that can be used during the next run
  to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
  preparation of the next data feed execution.

1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click


b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Define the Schema Source for retrieving the sample data file and click OK. This file contains
the list of source fields and is dependent on the transport method.
The source for the schema of your data feed depends on which transporter you are using. The
following list identifies and describes the schema sources that are available for each of the out-
of-the-box transporters.

Source: Execute Search
Description: Executes the search in RSA Archer GRC and detects the source schema from the results. Recommended approach for an Archer-to-Archer data feed. Loads the source fields directly from the report. When using this scheme, complete all required information on the Transport and Navigation tabs.

Source: Sample File
Description: Uses a skeleton of your actual source data file. For example, if you are importing data from a .csv file, the source data file is a .csv file that includes the column names from your source data. If you are importing data from an .XML file, the source data file includes the structure of your .XML without the actual field values. When you select the sample file, the Source Fields section populates with the fields specified in the sample data file. For the Archer Web Services Transporter, select a file from an external location that contains the data in the same format as the report format.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.


Step 5: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.

2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 6: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
  maps fields from the data source to application or questionnaire fields that have the same
  name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
  match between the source field and the target field, and the field type is one of the following,
  the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
  reference, or CAST.

Chapter 14: Data Integration 787


RSA Archer GRC Administrator Guide

l Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.

4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from 0 to 99
in the Trust Level column of the field.

5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 7: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.


3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for sub-form
field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 8: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.


1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.

2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

| Option | Description |
| --- | --- |
| Create | Creates new records for data found in the source file and not in the target application or questionnaire. |
| Update | Updates records in the target application or questionnaire when a unique identifier match exists in the source file. If you are also selecting the Archive Option of Delete and want to retain existing records, make sure to select the Update option. |

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

| Option | Description |
| --- | --- |
| None | Does nothing when a matching record is not found. |
| Delete | Deletes records in the target application or questionnaire when a matching record is not in the source data. If you want to retain existing records, also select the Update option. Records are matched by a unique identifier only during the update process. If you want to retain existing records while archiving the target application, also select Update in Update Options. If you do not select the Update option, all records in the target application will be permanently deleted. |
| Set Value | Sets a value in a Values List field in a record whenever the external data file does not contain a matching record. Use this option to set a Values List to a value that identifies this record as Inactive or Not Current. For example, a Devices application has a record for a specific laptop, and the external data file does not have a matching record for that laptop. You can use this option to set a Values List field in the laptop record to the value Inactive. When you select this option, you also select the Values List field in the target application or questionnaire and the value that you want to set in that field. You cannot set the value in the Values List field of the target leveled application under the following conditions: the Set Value Target Field is a global values list; Level 3 or lower in a leveled application; you are modifying the data feed configuration. In most scenarios, RSA recommends selecting the Set Value option and flagging these records with a specific value rather than deleting them. For example, you can add a field to your application called Status and include the values Current and Archived. If a data feed cannot find a matching record in the data source with a system record, the system record could be updated to have a value of Archived for the Status field. |

4. Click Apply.
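
The following Python sketch is an added example, not code from RSA Archer GRC or this guide. It models the Update and Archive options from this step, together with the ordered key field matching from Step 7, on constructed Devices records; the function names, the record layout, and the rule that newly created records are not archived are assumptions of the model.

```python
import copy
from dataclasses import dataclass, field


@dataclass
class FeedResult:
    created: list = field(default_factory=list)
    updated: list = field(default_factory=list)
    deleted: list = field(default_factory=list)
    flagged: list = field(default_factory=list)


def find_match(record, target, key_fields):
    """Try each key field in its configured order; the first hit decides the match."""
    for name in key_fields:
        value = record.get(name)
        if value is None:
            continue
        for record_id, existing in target.items():
            if existing.get(name) == value:
                return record_id
    return None


def run_feed(target, source, key_fields, create, update, archive="none",
             set_field="Status", set_value="Archived"):
    """Apply one modelled feed run to `target` (id -> record) in place."""
    result = FeedResult()
    seen = set()                      # target records that correspond to a source row
    next_id = max(target, default=0) + 1
    for row in source:
        # Per the guide, records are matched by unique identifier only during
        # the update process, so without Update nothing is ever matched.
        record_id = find_match(row, target, key_fields) if update else None
        if record_id is not None:
            target[record_id].update(row)
            seen.add(record_id)
            result.updated.append(record_id)
        elif create:
            target[next_id] = dict(row)
            seen.add(next_id)         # model assumption: new records are not archived
            result.created.append(next_id)
            next_id += 1
    # Archive step: every target record without a source counterpart.
    for record_id in [rid for rid in target if rid not in seen]:
        if archive == "delete":
            del target[record_id]
            result.deleted.append(record_id)
        elif archive == "set_value":
            target[record_id][set_field] = set_value
            result.flagged.append(record_id)
    return result


# Constructed sample data: three laptops in a Devices application and a source
# file that no longer lists LT-003 but adds LT-004.
DEVICES = {
    1: {"Serial": "LT-001", "Owner": "ana", "Status": "Current"},
    2: {"Serial": "LT-002", "Owner": "ben", "Status": "Current"},
    3: {"Serial": "LT-003", "Owner": "cy", "Status": "Current"},
}
SOURCE = [
    {"Serial": "LT-001", "Owner": "ana"},
    {"Serial": "LT-002", "Owner": "raj"},
    {"Serial": "LT-004", "Owner": "kim"},
]


def scenario(create, update, archive):
    """Run the model on a fresh copy of the sample data."""
    target = copy.deepcopy(DEVICES)
    return run_feed(target, SOURCE, ["Serial"], create, update, archive), target


if __name__ == "__main__":
    for label, args in [("Create + Update, Set Value", (True, True, "set_value")),
                        ("Create + Update, Delete", (True, True, "delete")),
                        ("Create only, Delete", (True, False, "delete"))]:
        result, target = scenario(*args)
        print(f"{label}: {result} -> {len(target)} records")
```

In the third scenario every pre-existing record is deleted because nothing is matched without Update, which is the outcome the Delete description warns about.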

Step 9: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.


1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

| Field | Option | Description |
| --- | --- | --- |
| Frequency | | Specifies the interval in which the data feed runs, for example, Minutely, Hourly, Daily, Weekly, Monthly, or Reference. |
| | Minutely | Runs the data feed by the interval set. For example, if you specify 45 in the Every list, the data feed executes every 45 minutes. |
| | Hourly | Runs the data feed by the interval set, for example, every hour (1), every other hour (2), and so forth. |
| | Daily | Runs the data feed by the interval set, for example, every day (1), every other day (2), and so forth. |
| | Weekly | Runs the data feed based on a specified day of the week, for example, every Monday of the first week (1), every other Monday (2), and so forth. |
| | Monthly | Runs the data feed based on a specified week of the month, for example, 1st, 2nd, 3rd, 4th, or Last. |
| | Reference | Specifies a data feed that runs before the current one. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. For example, you can select to have a Threats data feed run immediately after your Assets data feed finishes. From the Reference Feed list, select the existing data feed after which the current data feed starts. A reference data feed will not run when immediately running a data feed. The Run Data Feed Now option only runs the current data feed. |
| Every | | Specifies the interval of the frequency in which the data feed runs. |
| Start Time | | Specifies the time the data feed starts running. |
| Start Date | | Specifies the date on which the data feed schedule begins. |
| Time Zone | | Specifies the time zone of the server that runs the data feed. |

3. Click Save.


Adding an Archer-to-Archer Transport Only Data Feed

Note: If you want to use a data feed that was created in RSA Archer GRC 4.x, you must run
an XML Record Search, and select Search XML as the Search Type. For information on the XML
Search feature, see the Running an XML Record Search for an Archer-to-Archer Data Feed topic in
the RSA Archer GRC Online Documentation.

Example: Archer-to-Archer data feed - XML search for transport only


This example shows the values of a data feed for the Archer Web Services Transporter using an
XML search to retrieve data from the RSA Archer Web Services API. The example shows the
settings for each property of the data feed and running the data feed without a schedule.

| Tab | Section | Field | Value | Notes |
| --- | --- | --- | --- | --- |
| General | General Information | Name | user defined | The unique name of the data feed, for example, AWS Transport ONLY Data Feed. |
| | | Alias | default | By default, the Alias is the same as the Name, for example, AWS_TO_Data Feed. The Alias name designates the name of the folder for this data feed in the home directory. |
| | | Status | Active | The data feed must have an Active status to run. |
| | Feed Information | User Name | user defined | The user name under which the data feed will run, for example, AWS_Transport_Only. This user must have access to the Web Service API and the XML search report. The user name cannot be the same as the user who is currently logged in. |
| | | Feed Type | Transport Only | |
| | | Target Path | user defined | The name and location of the file being transported, for example, AWS.xml. |
| Transport | Transport | Transport Method | Archer Web Service Transporter | |
| | Security | URL | [http://yoursiteURL/ws/search.asmx] | For example, http://qa-web10.archerlab.local:8000/ws/search.asmx. Replace yoursiteURL with your actual URL to the RSA Archer GRC instance. |
| | | Use Credentials | select the option for the current instance | Anonymous/Service Account User: Select if the current instance is set up for anonymous authentication. Specific: Select if the current instance is set up for Windows authentication. You will need to provide: User Name and Password for Windows authentication. The Domain is optional. |
| | Transport Configuration | Search Type | Search XML | |
| | | User Name | user defined | The user who has access to the RSA Archer Web Services API and the report. |
| | | Password | user defined | The password for the user under which the data feed will run. |
| | | Instance | user defined | For example, South Beach. |
| | | Records Per File | 10,000 | Recommendation to ensure fewer files need to be retrieved in the API call. |
| | | Application GUID | system defined | From the Record Search in RSA Archer GRC, for example, C6A312AC-F4F1-4F33-BCFD-CE30232400C5. |
| | | Configuration String | See the example after this table. | |
| | Proxy | Proxy Options | user defined | Select the applicable option if using a proxy server for running the data feed. |
| Schedule | Immediate Processing | Run Data Feed Now | Start | Click Start to run the data feed. |

Configuration String, for example:

```xml
<Search><ReturnDomain value="1"/><ShowFieldName value="1"/><Display>
<Field id="35097"/><Field id="35096"/><Field id="35047"/><Field id="35061"/>
<Field id="35057"/><Field id="35046"/><Field id="35081"/><Field id="35094"/>
<Field id="34977"/><Field id="34985"/><Field id="34998"/><Field id="34997"/>
<Field id="34989"/><Field id="34988"/><Field id="34987"/><Field id="34986"/>
<Field id="34984"/><Field id="34981"/><Field id="34996"/><Field id="34995"/>
<Field id="34994"/><Field id="34993"/><Field id="34992"/><Field id="34991"/>
<Field id="34990"/><Field id="34980"/><Field id="35009"/><Field id="35031"/>
<Field id="35029"/><Field id="35026"/><Field id="35028"/><Field id="35024"/>
<Field id="35027"/><Field id="35025"/><Field id="35051"/><Field id="35037"/>
<Field id="34979"/><Field id="35032"/><Field id="34978"/><Field id="35039"/>
<Field id="35022"/><Field id="35021"/><Field id="35038"/><Field id="35020"/>
<Field id="35042"/><Field id="35007"/><Field id="35045"/><Field id="35044"/>
<Field id="35043"/><Field id="35002"/><Field id="34999"/><Field id="35104"/>
<Field id="35107"/><Field id="35108"/><Field id="35105"/><Field id="35106"/>
<Field id="35109"/><Field id="35110"/><Field id="35115"/><Field id="35117"/>
<Field id="35112"/><Field id="35113"/><Field id="35111"/><Field id="35065"/>
<Field id="35116"/><Field id="35114"/></Display></Search>
```

Step 1: Add a transport data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Click Add New.

2. In the Creation Methods section, do one of the following:

• To add a new data feed from scratch, click Create a new Data Feed from scratch.

• To add a new data feed from an existing data feed, click Copy an existing Data Feed and
select the data feed you want to copy.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. In the Feed Information section, click Transport Only.

| Option | Description |
| --- | --- |
| Standard | Integrates data from an external source into an application or questionnaire. |
| Transport Only | Locates a specific data file. This file contains additional instructions for launching subsequent, standard data feeds. With this data feed type, the data feed only completes the Transport and Navigation activities. The Source Definition and Field Mapping activities are not allowed. Processing of the data feed does not attempt to process the data. |


Important: If you intend to use the data feed as part of a convoy, or you are troubleshooting the
data being pulled, select the Transport Only option. This option enables you to use a transform to
manipulate the data being returned by bringing the source data in as a flat file and then configuring
a subsequent XML-based feed that includes an XSLT file. For more information on XML
formatting guidelines and samples, see the appendix “XML Formatting Used in Field Results and
Input” in the RSA Archer Web Services API Reference Guide that you can download from the
RSA Archer Community.

6. In the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.
When you save your data feed settings, the Data Feed Manager automatically creates the new
user account.

7. In the Target Path field, enter the path where you want to store the output file of the Transport
Only data feed.

8. Click Apply.

Step 2: Set up a report search

1. Go to the Transport tab of the data feed you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. In the Transport Method field, select Archer Web Services Transporter.

3. In the Security section, do one of the following:

• Specify whether the current instance is set up for anonymous authentication.

• Specify whether the current instance uses Windows Authentication and enter the specific
credentials.

4. In Search Type, click Report ID or Statistics Report ID.


Note: If you want to use a data feed that was created in RSA Archer GRC 4.x, you must run an
XML Record Search, and select Search XML as the Search Type. For information on the XML
Search feature, see the Running an XML Record Search for an Archer-to-Archer Data Feed
topic in the RSA Archer GRC Online Documentation.

5. In the Report or Statistics Report field, enter the report ID.

6. Do one of the following:

• To run the report with Windows credentials, select the Use Windows Authentication option.
Single Sign-On (SSO) must be configured to use this option.

• To run the report by a specific user, enter the credentials of the account that will be running
the report in User Name and Password.

Note: Use the account that has access role rights to the search.asmx page. The account should
also be an application owner with full access permissions to the content of the applications. Do
not use the same account that you used to log on.

7. (Optional) In the Domain field, enter the name of the domain to be searched against.

8. In the Instance field, enter the instance name for the instance to be searched against. Use the
instance name and not the PIN.

9. (Optional) In the Proxy section, enter the credentials of the proxy server if the data feed
accesses the source data through a proxy server.

| Option | Description |
| --- | --- |
| No Proxy | Indicates that the data feed does not pass through a proxy. |
| Use System Proxy | Indicates that the Data Feed Service runs the feed with the proxy configuration that is set up in the Control Panel. |
| Configure Proxy | Indicates that the data feed must pass through a proxy. Continue with providing the parameters for accessing the proxy. |

10. (Optional) In the Post-Processing - Local Copy section, define the post-processing rules if the
data feed handles post-processing of the local copy of the source data.
To perform post-processing on the source file retrieved, in the Post-Processing - Local Copy
section, determine how the data feed should handle the local copy of the source data when the
integration is complete. In the On Success field, select from the following options.


| Option | Description |
| --- | --- |
| Nothing | Does not alter the source file when the data feed successfully completes. If there is a local copy of the source information, the local copy is deleted. |
| Rename | Saves the source file under a new name when the data feed successfully completes. In Destination File, specify where the file should be saved and the new name for the file. To save the data, the path of the destination file must be accessible to the account running the Job Engine service. If you select this option, use filename tokens for specifying the location or name of the file. |

Filename tokens

Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

| Token | Enables the Data Feed Manager to: |
| --- | --- |
| Now | Insert a user-defined date format within the new filename. Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center for available custom date/time formats. |
| DataFileDirectoryName | Update the filename with the directory name, including the drive, of your file. |
| DataFileName | Insert the original filename, excluding the directory name and extension. |
| DataFileExtension | Insert the file extension, such as .csv, in the new filename. |
| DataFileFullName | Insert the fully qualified filename. This data includes the drive, directory, filename, and extension of the original file. |

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.

Example 1

Input Tokens: {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output: C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2

Input Tokens: \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output: \\DFSRepository\2008\01\ThreatData_success.csv

11. Click Apply.
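
The filename tokens described for the Rename option can be checked offline before they go into a Destination File setting. The following Python sketch is an added example, not code from RSA Archer GRC or this guide; it expands the five tokens and reproduces the guide's two examples for a fixed date. The function names and the supported subset of .NET date specifiers are assumptions.

```python
import ntpath
import re
from datetime import datetime

# Subset of .NET custom date/time specifiers mapped to strftime codes
# (assumption: only these are handled; anything else is rejected, not guessed).
NET_TO_STRFTIME = {"yyyy": "%Y", "yy": "%y", "MMMM": "%B", "MMM": "%b",
                   "MM": "%m", "dd": "%d", "HH": "%H", "mm": "%M", "ss": "%S"}
SPECIFIER_RE = re.compile("|".join(sorted(NET_TO_STRFTIME, key=len, reverse=True)))
TOKEN_RE = re.compile(r"\{Now\(([^)]*)\)\}|\{(\w+)\}")


def format_now(net_format, now):
    """Render a Now(...) argument such as MM.dd.yyyy for the given datetime."""
    leftover = SPECIFIER_RE.sub("", net_format)
    if re.search(r"[A-Za-z]", leftover):
        raise ValueError(f"unsupported date format: {net_format!r}")
    pattern = SPECIFIER_RE.sub(lambda m: NET_TO_STRFTIME[m.group(0)],
                               net_format.replace("%", "%%"))
    return now.strftime(pattern)


def expand_tokens(template, source_path, now=None):
    """Expand the guide's filename tokens for a Windows-style source path."""
    now = now or datetime.now()
    directory, filename = ntpath.split(source_path)
    stem, extension = ntpath.splitext(filename)
    values = {
        "DataFileDirectoryName": directory,
        "DataFileName": stem,
        # The guide's examples write the dot in the template itself, so the
        # token expands to the extension without it.
        "DataFileExtension": extension.lstrip("."),
        "DataFileFullName": source_path,
    }

    def replace(match):
        if match.group(1) is not None:          # {Now(format)}
            return format_now(match.group(1), now)
        name = match.group(2)
        if name not in values:
            raise ValueError(f"unknown filename token: {{{name}}}")
        return values[name]

    return TOKEN_RE.sub(replace, template)


# Source path and templates taken from the guide's Example 1 and Example 2.
SOURCE_FILE = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
EXAMPLE_1 = r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}"
EXAMPLE_2 = r"\\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}"

if __name__ == "__main__":
    run_date = datetime(2008, 1, 31)            # date implied by the guide's output
    for template in (EXAMPLE_1, EXAMPLE_2):
        print(expand_tokens(template, SOURCE_FILE, run_date))
```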

Step 3: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.


c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

| Field | Option | Description |
| --- | --- | --- |
| Frequency | | Specifies the interval in which the data feed runs, for example, Minutely, Hourly, Daily, Weekly, Monthly, or Reference. |
| | Minutely | Runs the data feed by the interval set. For example, if you specify 45 in the Every list, the data feed executes every 45 minutes. |
| | Hourly | Runs the data feed by the interval set, for example, every hour (1), every other hour (2), and so forth. |
| | Daily | Runs the data feed by the interval set, for example, every day (1), every other day (2), and so forth. |
| | Weekly | Runs the data feed based on a specified day of the week, for example, every Monday of the first week (1), every other Monday (2), and so forth. |
| | Monthly | Runs the data feed based on a specified week of the month, for example, 1st, 2nd, 3rd, 4th, or Last. |
| | Reference | Specifies a data feed that runs before the current one. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. For example, you can select to have a Threats data feed run immediately after your Assets data feed finishes. From the Reference Feed list, select the existing data feed after which the current data feed starts. A reference data feed will not run when immediately running a data feed. The Run Data Feed Now option only runs the current data feed. |
| Every | | Specifies the interval of the frequency in which the data feed runs. |
| Start Time | | Specifies the time the data feed starts running. |
| Start Date | | Specifies the date on which the data feed schedule begins. |
| Time Zone | | Specifies the time zone of the server that runs the data feed. |

3. Click Save.

Database Query Data Feeds


The Database Query Transporter data feed enables you to pull data directly from a database by
query and insert the data in its raw or manipulated state into an RSA Archer GRC instance.
Supported database connection types include Odbc, OleDb, Oracle, SQL, and many
others. As long as the connection string is configured successfully and the client driver is installed
on the system, RSA Archer GRC can integrate regardless of the database type.
A Database Query Transporter data feed can be configured as a standard or transport data feed type.
Use the following tasks to add a database query data feed:
• Adding Standard Database Query Data Feeds

• Adding Transport Only Database Query Data Feeds
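
The Query field of a Database Query Transporter feed, described in this section, is limited to 4,000 characters, and the guide warns that an incorrectly configured query can alter the data stored in the database. The following Python pre-flight check is an added example, not part of RSA Archer GRC or this guide; the finding codes, keyword lists and sample queries are constructed, and the check is a heuristic that does not inspect what a stored procedure does.

```python
import re

MAX_QUERY_CHARS = 4000          # Query field limit stated in the guide
READ_STARTERS = {"SELECT", "WITH"}
PROCEDURE_STARTERS = {"EXEC", "EXECUTE", "CALL"}
# Keywords that modify data or schema. INTO is included because SELECT ... INTO
# creates a table on some engines; treat a hit as "review", not as proof.
WRITE_KEYWORDS = {"INSERT", "UPDATE", "DELETE", "MERGE", "DROP", "ALTER",
                  "TRUNCATE", "CREATE", "GRANT", "REVOKE", "INTO"}
# Block comments, line comments and single-quoted literals ('' escapes a quote).
NOISE_RE = re.compile(r"/\*.*?\*/|--[^\n]*|'(?:[^']|'')*'", re.S)


def strip_noise(sql):
    """Blank out comments and string literals so their text is not scanned."""
    return NOISE_RE.sub(" ", sql)


def check_query(sql):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    findings = []
    if len(sql) > MAX_QUERY_CHARS:
        findings.append("TOO_LONG")
    code = strip_noise(sql)
    if len([part for part in code.split(";") if part.strip()]) > 1:
        findings.append("MULTI_STATEMENT")
    words = [w.upper() for w in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", code)]
    if not words:
        return findings + ["EMPTY"]
    if words[0] in PROCEDURE_STARTERS:
        # The procedure body is invisible here and may write; review it separately.
        findings.append("PROCEDURE_CALL")
    elif words[0] not in READ_STARTERS:
        findings.append(f"NOT_READ_ONLY_START:{words[0]}")
    findings += [f"WRITE_KEYWORD:{w}" for w in sorted(set(words) & WRITE_KEYWORDS)]
    return findings


# Constructed sample queries against a hypothetical dbo.assets table.
SAMPLES = {
    "read_only": "SELECT hostname, ip_address, last_seen FROM dbo.assets "
                 "WHERE status = 'delete pending' -- update nightly",
    "write": "UPDATE dbo.assets SET status = 'retired'",
    "stacked": "SELECT * FROM dbo.assets; DROP TABLE dbo.assets",
    "procedure": "EXEC dbo.usp_export_assets",
    "too_long": "SELECT name FROM dbo.assets WHERE id IN ("
                + ",".join(str(i) for i in range(1500)) + ")",
}

if __name__ == "__main__":
    for name, sql in SAMPLES.items():
        print(f"{name}: {check_query(sql) or 'no findings'}")
```

A database account limited to read access on the queried objects is what actually prevents writes; the check only catches mistakes before the query reaches the feed configuration.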

Adding Standard Database Query Data Feeds

Step 1: Add a standard data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.

• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.


3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

| Option | Description |
| --- | --- |
| Send Notifications | Select whether to have the data feed trigger notification emails when records are published or updated. If notifications are not enabled in the selected target application, no notification emails are sent when the data feed runs. |
| Send Job Status Notifications | Select whether to have job status notifications sent to selected users or groups. You can also select email addresses to receive job status notifications. If selected, job status notifications are sent showing whether a job succeeded or failed to run. |

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

| Option | Description |
| --- | --- |
| Locale | Specifies the country (language) format of your source data. Different cultures or countries use different characters when formatting similar data. |
| Data Validation | Determines whether RSA Archer GRC performs data validations against the selected target application when saving a record. Selecting this option bypasses validation that is based on field definition and configuration (with some exceptions). This option applies regardless of whether you are targeting a questionnaire or application. RSA Archer GRC validates the following items regardless of whether this field is selected: Attachment or image field - Validity of the file; Date/Time field - Minimum and maximum system values; Text field - Contains valid HTML; Field name - Uniqueness. The required field settings are disregarded if you select to ignore the rules defined within the target application. However, the unique selection cannot be ignored. |

10. Click Apply.

Step 2: Define the transport method

Important: For the data feed to execute successfully, the server responsible for running the data
feed must have the required network access to the database.

1. Set up a report-based search for an application or questionnaire that contains the source data that
you want to import into another application or questionnaire.

Note: If the data feed uses the Database Query transporter in a multiple server environment, you
must install the data provider on all servers.

2. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. In the Name column, click the data feed.

d. Click the Transport tab.


3. From the Transport Method list, select Database Query Transporter.

4. In the Database Configuration section, complete the configuration options.

| Option | Description |
| --- | --- |
| Provider | Specifies the data provider based on the type of connection string used. If Oracle dotConnect is the data provider, you do not need to install the drivers for Oracle because these drivers are included in the RSA Archer GRC installation. To determine the connection string for this data provider, go to the following URL: http://www.devart.com/dotconnect/oracle/docs/Devart.Data.Oracle~Devart.Data.Oracle.OracleConnection~ConnectionString.html. |
| Connection Timeout | Specifies the timeout parameter in seconds to force the feed to fail because of long-running queries. |
| Connection String | Allows the data feed to locate and access the database and retrieve the specified source data. |
| User Name | Specifies the user name for an account that has access to query the database if one was not inserted as part of the connection string in the previous step. |
| Password | Specifies the password for an account that has access to query the database if one was not inserted as part of the connection string in the previous step. |
| Query | Specifies the query that you want to execute against the database. You can also execute a stored procedure by entering it in the Query field. This field cannot be longer than 4,000 characters. The following figure shows a stored procedure that you can execute. Contact your database administrator prior to executing any queries against the corporate data of your company. If you configure the query string incorrectly, you may alter the data stored in the database. Always verify your results by manually running the query directly against the database first. |

5. In the Post-Processing - Local Copy section, determine how the data feed should handle the local
copy of the source data after the integration completes.


To perform post-processing on the source file retrieved, in the Post-Processing - Local Copy
section, determine how the data feed should handle the local copy of the source data when the
integration is complete. In the On Success field, select from the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.

Chapter 14: Data Integration 810


RSA Archer GRC Administrator Guide

Option Description

Rename Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.
If you select this option, use filename tokens for specifying the location or name of
the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token    Enables the Data Feed Manager to:

Now    Insert a user-defined date format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center
for available custom date/time formats.

DataFileDirectoryName    Update the filename with the directory name, including the drive, of
your file.

DataFileName    Insert the original filename, excluding the directory name and extension.

DataFileExtension    Insert the file extension, such as .csv, in the new filename.

DataFileFullName    Insert the fully qualified filename. This data includes the drive, directory,
filename, and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.


Example 1

Input Tokens    {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

Output    C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2

Input Tokens    \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

Output    \\DFSRepository\2008\01\ThreatData_success.csv

In the On Success field, select Nothing or Rename to either remove or save the source file.

• If you selected Nothing, continue to the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

6. Click Apply.

Step 3: Define the XML file for the source data


This task applies only to Standard data feed types, and only if you need to transform the XML
structure of the source file.
The Xml File Iterator enables you to import an XML file. You can also manipulate or restructure the
data prior to importing.

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.


d. Click the Navigation tab.

2. In the Navigation Method list, select Database Query Iterator.

3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix XML Formatting Used in Field
Results and Input in the RSA Archer Web Services API Reference Guide that you can download
from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.

• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

• Import the data “as is” into RSA Archer GRC or execute modifications and calculations against
the data to convert the incoming data into a format that matches the requirements of the
application or questionnaire it is imported into. Use several advanced options, such as lookup
translations and calculations, to prepare and modify the data to meet your individual business
needs.

• Filter data so that only what you want to receive is imported into the target application or
questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
return all records in the data feed. Use operator logic to add filters to include only records
meeting certain criteria in the data feed process.

• Capture tokens of data from the last execution of a data feed that can be used during the next run
to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
preparation of the next data feed execution.

1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Define the Schema Source for retrieving the sample data file and click OK. This file contains
the list of source fields and is dependent on the transport method.
The source for the schema of your data feed depends on which transporter you are using. The
following list identifies and describes the schema sources that are available for each of the out-
of-the-box transporters.

Source    Description

Execute Query    Executes the query specified on the Transport tab and detects the source schema
from the resulting record set.
Using this option may trigger actions in the database associated with this query.

Sample File    Uses a skeleton of your actual source data file. For example, if you are importing
data from a .csv file, the source data file is a .csv file that includes the column
names from your source data. If you are importing data from an .XML file, the
source data file includes the structure of your .XML without the actual field values.
When you select the sample file, the Source Fields section populates with the fields
specified in the sample data file.
For the Archer Web Services Transporter, select a file from an external location
that contains the data in the same format as the report format.


4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.

Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.


7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.

Step 6: Define data tokens


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.


7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
maps fields from the data source to application or questionnaire fields that have the same
name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
match between the source field and the target field, and the field type is one of the following,
the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.

• Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.


4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from
0 to 99 in the Trust Level column of the field.

5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.

3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.


c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for sub-
form field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.

1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.


2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option Description

Create Creates new records for data found in the source file and not in the target application
or questionnaire.

Update Updates records in the target application or questionnaire when a unique identifier
match exists in the source file. If you are also selecting the Archive Option of
Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option Description

None Does nothing when a matching record is not found.

Delete Deletes records in the target application or questionnaire when a matching record is
not in the source data. If you want to retain existing records, also select the Update
option.
Records are matched by a unique identifier only during the update process. If you
want to retain existing records while archiving the target application, also select
Update in Update Options. If you do not select the Update option, all records in the
target application will be permanently deleted.


Set Value    Sets a value in a Values List field in a record whenever the external data file does
not contain a matching record.
Use this option to set a Values List to a value that identifies this record as Inactive
or Not Current. For example, a Devices application has a record for a specific
laptop, and the external data file does not have a matching record for that laptop. You
can use this option to set a Values List field in the laptop record to the value
Inactive.
When you select this option, you also select the Values List field in the target
application or questionnaire and the value that you want to set in that field.
You cannot set the value in the Values List field of the target leveled application
under the following conditions:
• The Set Value Target Field is a global values list.

• Level 3 or lower in a leveled application.

• You are modifying the data feed configuration.


In most scenarios, RSA recommends selecting the Set Value option and flagging
these records with a specific value rather than deleting them. For example, you can
add a field to your application called Status and include the values Current and
Archived. If a data feed cannot find a matching record in the data source with a
system record, the system record could be updated to have a value of Archived for
the Status field.

4. Click Apply.
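
The following added example (not RSA code and not part of the original guide) models the Update and Archive rules described in this step as a dry run, so you can see how many target records an archive option would touch before you enable it. The field names, sample records, key definitions, and the 25% threshold are constructed assumptions; treating Set Value like Delete when Update is not selected is a conservative assumption of the model.

```python
"""Dry-run model of the Update/Archive options (added example, not RSA code)."""

ARCHIVE_OPTIONS = ("None", "Delete", "Set Value")

# Constructed sample data: a Devices application keyed on hypothetical fields.
# Two key definitions: a single field, then a compound identifier.
KEY_DEFINITIONS = [("Serial Number",), ("Hostname", "Site")]
TARGET = [
    {"Serial Number": "SN-1001", "Hostname": "lap-ny-01", "Site": "NY"},
    {"Serial Number": "SN-1002", "Hostname": "lap-ny-02", "Site": "NY"},
    {"Serial Number": "", "Hostname": "lap-ld-01", "Site": "LD"},
    {"Serial Number": "SN-1004", "Hostname": "lap-ny-04", "Site": "NY"},
    {"Serial Number": "SN-1005", "Hostname": "lap-ld-03", "Site": "LD"},
]
SOURCE = [
    {"Serial Number": "SN-1001", "Hostname": "lap-ny-01", "Site": "NY"},
    {"Serial Number": "SN-1002", "Hostname": "lap-ny-02", "Site": "NY"},
    {"Serial Number": "", "Hostname": "lap-ld-01", "Site": "LD"},
    {"Serial Number": "SN-1004", "Hostname": "lap-ny-04-renamed", "Site": "NY"},
]


def record_keys(record, key_definitions):
    """Return the (definition index, values) keys that a record fully populates."""
    keys = set()
    for position, fields in enumerate(key_definitions):
        values = tuple(record.get(field) for field in fields)
        if all(value not in (None, "") for value in values):
            keys.add((position, values))
    return keys


def archive_impact(target, source, key_definitions, update_selected, archive_option):
    """List the target records the archive option would touch on this run."""
    if archive_option not in ARCHIVE_OPTIONS:
        raise ValueError(f"unknown archive option: {archive_option!r}")
    if archive_option == "None":
        return []
    if not update_selected:
        # Per the guide, records are matched only during the update process,
        # so with Delete every target record is unmatched. Applying the same
        # rule to Set Value is a conservative assumption of this model.
        return list(target)
    source_keys = set()
    for record in source:
        source_keys |= record_keys(record, key_definitions)
    # A record counts as matched when any one key definition matches.
    return [r for r in target if not (record_keys(r, key_definitions) & source_keys)]


def preflight(target, source, key_definitions, update_selected, archive_option,
              max_fraction=0.25):
    """Summarise the impact and say whether it stays under the threshold."""
    affected = archive_impact(target, source, key_definitions,
                              update_selected, archive_option)
    fraction = len(affected) / len(target) if target else 0.0
    allowed = archive_option == "None" or fraction <= max_fraction
    return {"allowed": allowed, "fraction": fraction, "affected": affected}


if __name__ == "__main__":
    scenarios = [
        ("Update + Delete", SOURCE, True, "Delete"),
        ("Delete without Update", SOURCE, False, "Delete"),
        ("Update + Set Value, empty source file", [], True, "Set Value"),
    ]
    for label, source, update, option in scenarios:
        result = preflight(TARGET, source, KEY_DEFINITIONS, update, option)
        hosts = [r["Hostname"] for r in result["affected"]]
        print(f"{label}: {len(hosts)} of {len(TARGET)} affected "
              f"({result['fraction']:.0%}), allowed={result['allowed']}: {hosts}")
```

The empty-source scenario shows why a threshold is useful: a failed upstream export that produces an empty file makes every target record unmatched, even with Update selected.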

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed will start executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.


1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.


Field    Description

Frequency    Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
Daily, Weekly, Monthly, or Reference.

    Minutely    Runs the data feed by the interval set. For example, if you specify 45 in the
    Every list, the data feed executes every 45 minutes.

    Hourly    Runs the data feed by the interval set, for example, every hour (1),
    every other hour (2), and so forth.

    Daily    Runs the data feed by the interval set, for example, every day (1),
    every other day (2), and so forth.

    Weekly    Runs the data feed based on a specified day of the week, for
    example, every Monday of the first week (1), every other Monday
    (2), and so forth.

    Monthly    Runs the data feed based on a specified week of the month, for
    example, 1st, 2nd, 3rd, 4th, or Last.

    Reference    Runs the current data feed after a specified data feed runs. This
    option indicates to the Data Feed Service that this data feed starts
    as soon as the referenced data feed completes successfully.
    For example, you can select to have a Threats data feed run
    immediately after your Assets data feed finishes. From the
    Reference Feed list, select the existing data feed after which the
    current data feed starts.
    A reference data feed does not run when you run a data feed
    immediately. The Run Data Feed Now option only runs the current data
    feed.

Every    Specifies the interval of the frequency in which the data feed runs.

Start Time    Specifies the time the data feed starts running.

Start Date    Specifies the date on which the data feed schedule begins.

Time Zone    Specifies the time zone of the server that runs the data feed.

3. Click Save.


Adding Transport Only Database Query Data Feeds

Step 1: Add a transport data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Click Add New.

2. In the Creation Methods section, do one of the following:

• To add a new data feed from scratch, click Create a new Data Feed from scratch.

• To add a new data feed from an existing data feed, click Copy an existing Data Feed and
select the data feed you want to copy.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. In the Feed Information section, click Transport Only.

Option    Description

Standard    Integrates data from an external source into an application or questionnaire.

Transport Only    Locates a specific data file. This file contains additional instructions for
launching subsequent, standard data feeds. With this data feed type, the data feed only
completes the Transport and Navigation activities. The Source Definition and Field
Mapping activities are not allowed. Processing of the data feed does not attempt to
process the data.

Important: If you intend to use the data feed as part of a convoy, or you are troubleshooting the
data being pulled, select the Transport Only option. This option enables you to use a transform to
manipulate the data being returned by bringing the source data in as a flat file and then configure
a subsequent XML-based feed that includes an XSLT file. For more information on XML
formatting guidelines and samples, see the appendix “XML Formatting Used in Field Results and
Input” in the RSA Archer Web Services API Reference Guide that you can download from the
RSA Archer Community.

6. In the User Name list, do one of the following:


• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.
When you save your data feed settings, the Data Feed Manager automatically creates the new
user account.

7. In the Target Path field, enter the path where you want to store the output file of the Transport
Only data feed.

8. Click Apply.

Step 2: Define the transport method

Important: For the data feed to execute successfully, the server responsible for running the data
feed must have the required network access to the database.

1. Set up a report-based search for an application or questionnaire that contains the source data that
you want to import into another application or questionnaire.

Note: If the data feed uses the Database Query transporter in a multiple server environment, you
must install the data provider on all servers.

2. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. In the Name column, click the data feed.

d. Click the Transport tab.

3. From the Transport Method list, select Database Query Transporter.

4. In the Database Configuration section, complete the configuration options.


Option    Description

Provider    Specifies the data provider based on the type of connection string used.
If Oracle dotConnect is the data provider, you do not need to install the drivers
for Oracle because these drivers are included in the RSA Archer GRC
installation. To determine the connection string for this data provider, go to the
following URL:
http://www.devart.com/dotconnect/oracle/docs/Devart.Data.Oracle~Devart.Data.Oracle.OracleConnection~ConnectionString.html.

Connection Timeout    Specifies the timeout, in seconds, after which a long-running query forces
the feed to fail.

Connection String    Allows the data feed to locate and access the database and retrieve the
specified source data.

User Name    Specifies the user name for an account that has access to query the database if
one was not inserted as part of the connection string in the previous step.

Password    Specifies the password for an account that has access to query the database if
one was not inserted as part of the connection string in the previous step.

Query    Specifies the query that you want to execute against the database.
You can also execute a stored procedure by entering it in the Query field. This
field cannot be longer than 4,000 characters.
The following figure shows a stored procedure that you can execute.

Contact your database administrator prior to executing any queries against the
corporate data of your company. If you configure the query string incorrectly,
you may alter the data stored in the database.
Always verify your results by manually running the query directly against the
database first.

5. In the Post-Processing - Local Copy section, determine how the data feed should handle the local
copy of the source data after the integration completes.
In the On Success field, select from the following options.


Option Description

Nothing Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.


Rename Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.
If you select this option, use filename tokens for specifying the location or name of
the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token    Enables the Data Feed Manager to:

Now    Insert a user-defined date format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center
for available custom date/time formats.

DataFileDirectoryName    Update the filename with the directory name, including the drive, of
your file.

DataFileName    Insert the original filename, excluding the directory name and extension.

DataFileExtension    Insert the file extension, such as .csv, in the new filename.

DataFileFullName    Insert the fully qualified filename. This data includes the drive, directory,
filename, and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.


Example 1

Input Tokens    {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

Output    C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2

Input Tokens    \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

Output    \\DFSRepository\2008\01\ThreatData_success.csv

In the On Success field, select Nothing or Rename to either remove or save the source file.

• If you selected Nothing, continue to the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

6. Click Apply.
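
The filename tokens described for the Rename option in both the Standard and Transport Only procedures, as an added example that is not RSA code: it expands a Destination File template, reproduces the guide's two outputs, and flags templates whose result contains characters Windows does not allow in a name, leaves a token unexpanded, or lands outside an approved directory. The function names, the supported subset of date specifiers, and the approved-directory check are assumptions of this sketch; how the Data Feed Manager itself handles such templates is not stated in the guide.

```python
"""Expand and lint Rename templates (added example, not RSA code)."""
import ntpath  # Windows path rules, usable on any operating system
import re
from datetime import datetime

_MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Subset of .NET custom date/time specifiers. Longer specifiers come first so
# that "MMM" is not read as "MM" followed by a literal "M".
_SPECIFIERS = [
    ("yyyy", lambda d: f"{d.year:04d}"),
    ("MMM", lambda d: _MONTHS[d.month - 1]),
    ("MM", lambda d: f"{d.month:02d}"),
    ("dd", lambda d: f"{d.day:02d}"),
    ("HH", lambda d: f"{d.hour:02d}"),
    ("mm", lambda d: f"{d.minute:02d}"),
    ("ss", lambda d: f"{d.second:02d}"),
]
_TOKEN = re.compile(
    r"\{Now\s*\((?P<fmt>[^)}]*)\)\}"
    r"|\{(?P<name>DataFile(?:DirectoryName|Name|Extension|FullName))\}"
)
# Characters Windows does not allow inside a single file or directory name.
_INVALID_IN_NAME = set('<>:"/\\|?*')


def format_now(fmt, now):
    """Render a date format; unrecognised characters are copied literally."""
    out, i = [], 0
    while i < len(fmt):
        for spec, render in _SPECIFIERS:
            if fmt.startswith(spec, i):
                out.append(render(now))
                i += len(spec)
                break
        else:
            out.append(fmt[i])
            i += 1
    return "".join(out)


def expand(template, source_path, now):
    """Return the destination path produced by a Rename template."""
    directory, filename = ntpath.split(source_path)
    stem, extension = ntpath.splitext(filename)
    values = {
        "DataFileDirectoryName": directory,
        "DataFileName": stem,
        # The guide's examples write ".{DataFileExtension}", so no leading dot.
        "DataFileExtension": extension.lstrip("."),
        "DataFileFullName": source_path,
    }

    def substitute(match):
        if match.group("name"):
            return values[match.group("name")]
        return format_now(match.group("fmt"), now)

    return _TOKEN.sub(substitute, template)


def lint(template, source_path, now, approved_root):
    """Expand a template and list problems worth fixing before saving it."""
    problems = []
    for match in _TOKEN.finditer(template):
        fmt = match.group("fmt")
        if fmt is not None and _INVALID_IN_NAME & set(format_now(fmt, now)):
            problems.append(f"Now({fmt}) renders characters not valid in a file name")
    expanded = expand(template, source_path, now)
    if "{" in expanded or "}" in expanded:
        problems.append("unrecognised token left unexpanded")
    root = ntpath.normcase(ntpath.normpath(approved_root)).rstrip("\\") + "\\"
    # normpath collapses ".." so a template cannot climb out unnoticed.
    if not ntpath.normcase(ntpath.normpath(expanded)).startswith(root):
        problems.append("destination is outside the approved directory")
    return expanded, problems


if __name__ == "__main__":
    source = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
    when = datetime(2008, 1, 31)  # date used in the guide's examples
    templates = [
        r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}",
        r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM/dd/yyyy)}.{DataFileExtension}",
        r"{DataFileDirectoryName}\..\..\..\archive\{DataFileName}.{DataFileExtension}",
    ]
    for template in templates:
        path, problems = lint(template, source, when, r"C:\DataFeed\Source\ESL")
        print(path, "->", problems or "ok")
```

Note that Now(MM/dd/yyyy), one of the formats the guide lists, renders slashes, which Windows treats as path separators rather than as part of the file name.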

Step 3: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed will start executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.


1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.


Field    Description

Frequency    Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
Daily, Weekly, Monthly, or Reference.

    Minutely    Runs the data feed by the interval set. For example, if you specify 45 in the
    Every list, the data feed executes every 45 minutes.

    Hourly    Runs the data feed by the interval set, for example, every hour (1),
    every other hour (2), and so forth.

    Daily    Runs the data feed by the interval set, for example, every day (1),
    every other day (2), and so forth.

    Weekly    Runs the data feed based on a specified day of the week, for
    example, every Monday of the first week (1), every other Monday
    (2), and so forth.

    Monthly    Runs the data feed based on a specified week of the month, for
    example, 1st, 2nd, 3rd, 4th, or Last.

    Reference    Runs the current data feed after a specified data feed runs. This
    option indicates to the Data Feed Service that this data feed starts
    as soon as the referenced data feed completes successfully.
    For example, you can select to have a Threats data feed run
    immediately after your Assets data feed finishes. From the
    Reference Feed list, select the existing data feed after which the
    current data feed starts.
    A reference data feed does not run when you run a data feed
    immediately. The Run Data Feed Now option only runs the current data
    feed.

Every    Specifies the interval of the frequency in which the data feed runs.

Start Time    Specifies the time the data feed starts running.

Start Date    Specifies the date on which the data feed schedule begins.

Time Zone    Specifies the time zone of the server that runs the data feed.

3. Click Save.


File Data Feeds


The File data feed enables you to pull data directly from a flat file and insert that data in its raw or
manipulated state into the RSA Archer GRC instance.
The source files must be delimited text files or XML files. You can use an XSLT to transform your
XML data into a consumable format. The Data Feed Manager can access files located on a network
server that is accessible to the Data Feed Manager. For example, a delimited file must reside on the
network server rather than your personal computer.

Important: For the data feed to execute successfully, the server responsible for running the data
feed must have the required access to the files.

A File Transporter data feed can be configured as a standard or transport data feed type.
Use the following tasks to add a file data feed:
• Adding Standard File Data Feeds

• Adding Transport Only File Data Feeds

Adding Standard File Data Feeds

Step 1: Add a data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.

• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:


• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

Option | Description

Send Notifications | Select whether to have the data feed trigger notification emails when records
are published or updated. If notifications are not enabled in the selected target
application, no notification emails are sent when the data feed runs.

Send Job Status Notifications | Select whether to have job status notifications sent to selected users or groups.
You can also select email addresses to receive job status notifications. If
selected, job status notifications are sent showing whether a job succeeded or
failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

Option | Description

Locale | Specifies the country (language) format of your source data. Different cultures or
countries use different characters when formatting similar data.

Data Validation | Determines whether RSA Archer GRC performs data validations against the
selected target application when saving a record. Selecting this option bypasses
validation that is based on field definition and configuration (with some
exceptions). This option applies regardless of whether you are targeting a
questionnaire or application.
RSA Archer GRC validates the following items regardless of whether this field is
selected:
• Attachment or image field - Validity of the file.
• Date/Time field - Minimum and maximum system values.
• Text field - Contains valid HTML.
• Field name - Uniqueness.

The required field settings are disregarded if you select to ignore the rules defined
within the target application. However, the unique selection cannot be ignored.

10. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select File Transporter.

3. In the Transport Configuration section, complete the configuration options.

Option | Description

Single Data File | References a single data file. This option requires you to specify a path in the Path
field. You can filter which files to process by entering a standard file expression in
the File Filter field.

Manifest File | Points the Data Feed Manager to a file that contains instructions for locating a
series of data files. This option requires you to specify a path in the Path field. You
can filter which files to process by entering a standard file expression in the File
Filter field.

Zip File | References a .zip file. The .zip file can be a single, compressed data source file or
a collection of files. This option requires you to specify a path in the Path field. You
can filter which files from the .zip file to process by entering a standard file
expression in the File Filter field. Use the Encryption Type list to identify the
encrypted file type, if any. If the encrypted .zip file is password protected, enter the
password in the Password field.

4. (Optional) In the Post-Processing section, determine how the data feed should handle the source
information when the integration is complete.
To perform post-processing on the source file retrieved, in the Post Processing section, determine
how the data feed should handle the local copy of the source data when the integration is
complete.

Option | Description

Nothing | Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.

Rename | Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file.
If you select this option, use filename tokens for specifying the location or name of
the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token | Token Enables the Data Feed Manager to:
Now | Insert a user-defined date format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center
for available custom date/time formats.
DataFileDirectoryName | Update the filename with the directory name, including the drive, of your file.
DataFileName | Insert the original filename, excluding the directory name and extension.
DataFileExtension | Insert the file extension, such as .csv, in the new filename.
DataFileFullName | Insert the fully qualified filename. This data includes the drive, directory,
filename, and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.

Example 1
Input Tokens | {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output | C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2
Input Tokens | \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output | \\DFSRepository\2008\01\ThreatData_success.csv

Delete | Deletes the source file when the data feed completes successfully.
This option is available only for File and FTP transport methods.

5. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete.
To perform post-processing on the source file retrieved, in the Post-Processing - Local Copy
section, determine how the data feed should handle the local copy of the source data when the
integration is complete. In the On Success field, select from the following options.

Option | Description

Nothing | Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.

Rename | Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.
If you select this option, use filename tokens for specifying the location or name of
the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token | Token Enables the Data Feed Manager to:
Now | Insert a user-defined date format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center
for available custom date/time formats.
DataFileDirectoryName | Update the filename with the directory name, including the drive, of your file.
DataFileName | Insert the original filename, excluding the directory name and extension.
DataFileExtension | Insert the file extension, such as .csv, in the new filename.
DataFileFullName | Insert the fully qualified filename. This data includes the drive, directory,
filename, and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.

Example 1
Input Tokens | {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output | C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2
Input Tokens | \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output | \\DFSRepository\2008\01\ThreatData_success.csv

6. Do one of the following:

• If you selected Nothing, continue to the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

7. Click Apply.
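
The filename-token expansion described for the Rename option in the Post-Processing and Post-Processing - Local Copy sections, as an added example that is not part of the guide or of RSA's code. It reproduces the guide's two sample outputs and flags Now formats whose output contains characters Windows reserves in file names. Assumptions: the function names are hypothetical, only a subset of .NET custom date specifiers is modelled, and DataFileExtension expands without the leading dot, as the guide's examples imply.

```python
import datetime
import ntpath
import re

# English month names, so MMM / MMMM do not depend on the host locale.
MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]

# Subset of .NET custom date/time specifiers handled by this sketch, longest
# first so "MMMM" is not consumed as "MM" + "MM". Anything else is literal.
SPEC_RE = re.compile("yyyy|MMMM|MMM|yy|MM|dd|HH|mm|ss|M|d")

# Characters Windows does not allow inside one file or directory name.
RESERVED = set('<>:"/\\|?*')

# {Token} or {Token(argument)}
TOKEN_RE = re.compile(r"\{(\w+)(?:\(([^)]*)\))?\}")


def format_dotnet_date(fmt, when):
    """Render `when` with the subset of .NET custom specifiers above."""
    parts = {
        "yyyy": f"{when.year:04d}", "yy": f"{when.year % 100:02d}",
        "MMMM": MONTHS[when.month - 1], "MMM": MONTHS[when.month - 1][:3],
        "MM": f"{when.month:02d}", "M": str(when.month),
        "dd": f"{when.day:02d}", "d": str(when.day),
        "HH": f"{when.hour:02d}", "mm": f"{when.minute:02d}",
        "ss": f"{when.second:02d}",
    }
    return SPEC_RE.sub(lambda m: parts[m.group(0)], fmt)


def expand_tokens(template, source_path, when):
    """Expand filename tokens for a Windows source path.

    Returns (expanded_path, warnings). A warning is recorded when a Now(...)
    format expands to text containing a reserved character, because that
    text cannot be part of a single file name on Windows.
    """
    stem, ext = ntpath.splitext(ntpath.basename(source_path))
    values = {
        "DataFileDirectoryName": ntpath.dirname(source_path),
        "DataFileName": stem,
        # Assumption: no leading dot, since the guide's examples write
        # ".{DataFileExtension}" and show a single dot in the output.
        "DataFileExtension": ext.lstrip("."),
        "DataFileFullName": source_path,
    }
    warnings = []

    def replace(match):
        name, fmt = match.group(1), match.group(2)
        if name == "Now" and fmt:
            text = format_dotnet_date(fmt, when)
            bad = sorted(set(text) & RESERVED)
            if bad:
                warnings.append(
                    f"Now({fmt}) expands to {text!r}, which contains {''.join(bad)!r}")
            return text
        if name not in values or fmt is not None:
            raise ValueError(f"unknown or malformed token: {match.group(0)}")
        return values[name]

    return TOKEN_RE.sub(replace, template), warnings


if __name__ == "__main__":
    # Source path and date taken from the guide's examples.
    src = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
    run_time = datetime.datetime(2008, 1, 31)
    for tpl in (
        r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}",
        r"\\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}",
        r"{DataFileDirectoryName}\{DataFileName}_{Now(MM/dd/yyyy)}.{DataFileExtension}",
    ):
        path, notes = expand_tokens(tpl, src, run_time)
        print(path)
        for note in notes:
            print("  warning:", note)
```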

Step 3: Define the file format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

Option 1: Define delimited text files

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.


d. Click the Navigation tab.

2. In the Navigation section, select Delimited Text File Iterator.

3. In the File Definition section, select the encoding and delimiters to match the source file.

Text encoding format options

Format | Description

Quote Identifier | Specifies the character that is used to identify quotes in your source data.

Escape Sequence | Specifies the character that is used to escape from normal data into control data.

Record Delimiter | Specifies the control code that is used to identify a new record in your source data.

Skip Record Count | Indicates the number of lines that the Data Feed Manager should ignore in the
source data before finding data. For example, if the first row in your source data
contains column names, you type "1" so that the Data Feed Manager ignores this
row and moves to the next row to start reading data.

Field Delimiter | Specifies the character that is used to identify a new field in your data source. If
you select Other, type the character you want to use.

List Delimiter | Specifies the character that is used to identify a new list in your data source. If you
select Other, type the character you want to use.

Leveled List Delimiter | Specifies the character that is used to identify a new leveled list in your data
source. If you select Other, type the character you want to use.

4. Click Apply.
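
A pre-flight check of a delimited source file against the File Definition options above, as an added example that is not part of the guide or of RSA's code. It models Quote Identifier, Escape Sequence, Record Delimiter, Skip Record Count, Field Delimiter and List Delimiter (not Leveled List Delimiter) and reports records whose field count differs from the header row. The FileDefinition class, the function names and the sample data are constructed for illustration, and the parsing rules are an assumption about conventional delimited-file handling, not the Data Feed Manager's documented behaviour.

```python
from dataclasses import dataclass


@dataclass
class FileDefinition:
    """Hypothetical container mirroring the File Definition options."""
    quote_identifier: str = '"'
    escape_sequence: str = "\\"
    record_delimiter: str = "\r\n"
    skip_record_count: int = 0
    field_delimiter: str = ","
    list_delimiter: str = ";"


def split_records(text, fd):
    """Split text into records of raw fields, honouring quotes and escapes."""
    records, fields, buf = [], [], []
    in_quotes = False
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == fd.escape_sequence and i + 1 < len(text):
            buf.append(text[i + 1])          # escaped character is plain data
            i += 2
            continue
        if ch == fd.quote_identifier:
            in_quotes = not in_quotes        # quote characters are not data
        elif not in_quotes and text.startswith(fd.record_delimiter, i):
            fields.append("".join(buf))
            records.append(fields)
            fields, buf = [], []
            i += len(fd.record_delimiter)
            continue
        elif not in_quotes and ch == fd.field_delimiter:
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)                   # includes delimiters inside quotes
        i += 1
    if in_quotes:
        raise ValueError("unterminated quoted value at end of file")
    if buf or fields:                        # last record without a delimiter
        fields.append("".join(buf))
        records.append(fields)
    return records


def check_feed_file(text, fd):
    """Return (rows, problems) for the data records of a source file.

    The expected field count comes from the last skipped record (assumed to
    be the column-name row) or, if nothing is skipped, the first data record.
    problems holds (record_number, message) pairs, numbered from 1.
    """
    records = split_records(text, fd)
    skipped = records[:fd.skip_record_count]
    data = records[fd.skip_record_count:]
    expected = len(skipped[-1]) if skipped else (len(data[0]) if data else 0)
    rows, problems = [], []
    for number, fields in enumerate(data, start=fd.skip_record_count + 1):
        if len(fields) != expected:
            problems.append((number, f"{len(fields)} fields, expected {expected}"))
        rows.append([f.split(fd.list_delimiter) if fd.list_delimiter in f else f
                     for f in fields])
    return rows, problems


# Constructed sample: record 3 has an unquoted field delimiter inside the
# Owner value, which shifts every later column by one.
SAMPLE = (
    "Device,Owner,Tags\r\n"
    'LAPTOP-01,"Doe, Jane",finance;mobile\r\n'
    "LAPTOP-02,Roe, Sam,lab\r\n"
    "SRV-03,Acme\\, Inc.,dmz;prod\r\n"
)

if __name__ == "__main__":
    rows, problems = check_feed_file(SAMPLE, FileDefinition(skip_record_count=1))
    for row in rows:
        print(row)
    for number, message in problems:
        print(f"record {number}: {message}")
```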

Option 2: Define the XML format

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .


b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.

3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix “XML Formatting Used in Field
Results and Input” in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.

• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

• Import the data “as is” into RSA Archer GRC or execute modifications and calculations against
the data to convert the incoming data into a format that matches the requirements of the
application or questionnaire it is imported into. Use several advanced options, such as lookup
translations and calculations, to prepare and modify the data to meet your individual business
needs.

• Filter data so that only what you want to receive is imported into the target application or
questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
return all records in the data feed. Use operator logic to add filters to include only records
meeting certain criteria in the data feed process.

• Capture tokens of data from the last execution of a data feed that can be used during the next run
to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
preparation of the next data feed execution.

1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Select the file that contains the data you want to load and click Open.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.

Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click


b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.

7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.

Step 6: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.


2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
maps fields from the data source to application or questionnaire fields that have the same
name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
match between the source field and the target field, and the field type is one of the following,
the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.

• Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.

4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from 0 to 99
in the Trust Level column of the field.


5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.

3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.


6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for
sub-form field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.

1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.


2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option | Description

Create | Creates new records for data found in the source file and not in the target application
or questionnaire.

Update | Updates records in the target application or questionnaire when a unique identifier
match exists in the source file. If you are also selecting the Archive Option of
Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option | Description

None | Does nothing when a matching record is not found.

Delete | Deletes records in the target application or questionnaire when a matching record is
not in the source data. If you want to retain existing records, also select the Update
option.
Records are matched by a unique identifier only during the update process. If you
want to retain existing records while archiving the target application, also select
Update in Update Options. If you do not select the Update option, all records in the
target application will be permanently deleted.

Set Value | Sets a value in a Values List field in a record whenever the external data file does
not contain a matching record.
Use this option to set a Values List to a value that identifies this record as Inactive
or Not Current. For example, a Devices application has a record for a specific
laptop, and the external data file does not have a matching record for that laptop. You
can use this option to set a Values List field in the laptop record to the value
Inactive.
When you select this option, you also select the Values List field in the target
application or questionnaire and the value that you want to set in that field.
You cannot set the value in the Values List field of the target leveled application
under the following conditions:
• The Set Value Target Field is a global values list.
• Level 3 or lower in a leveled application.
• You are modifying the data feed configuration.

In most scenarios, RSA recommends selecting the Set Value option and flagging
these records with a specific value rather than deleting them. For example, you can
add a field to your application called Status and include the values Current and
Archived. If a data feed cannot find a matching record in the data source with a
system record, the system record could be updated to have a value of Archived for
the Status field.

4. Click Apply.
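
A dry-run model of the key-field matching note in Step 8 and the Update and Archive options in Step 9, as an added example that is not part of the guide or of RSA's code. It shows which target records a run would delete or flag, including the case the guide warns about where Delete is selected without Update. The function names, record layout, sample data and the max_delete_ratio review threshold are constructed for illustration, and the logic encodes only the rules as the guide states them.

```python
def match_records(source_rows, target_rows, key_fields):
    """Match source rows to target rows, trying key fields in order.

    Per the note in Step 8, a row counts as matched as soon as any key field
    equals the same field in a target record. Returns {source_index: target_id}.
    """
    matches = {}
    for index, row in enumerate(source_rows):
        for key in key_fields:
            value = row.get(key)
            if value in (None, ""):
                continue                      # nothing to match on for this key
            hit = next((t["id"] for t in target_rows if t.get(key) == value), None)
            if hit is not None:
                matches[index] = hit
                break
    return matches


def plan_run(source_rows, target_rows, key_fields, create, update, archive):
    """Model what one run would do. archive is "none", "delete" or "set_value"."""
    matches = match_records(source_rows, target_rows, key_fields)
    # Per the guide, records are matched by unique identifier only during the
    # update process, so without Update no target record counts as matched.
    retained = set(matches.values()) if update else set()
    unmatched = [t["id"] for t in target_rows if t["id"] not in retained]
    return {
        "create": [i for i in range(len(source_rows)) if i not in matches] if create else [],
        "update": sorted(retained),
        "delete": unmatched if archive == "delete" else [],
        "set_value": unmatched if archive == "set_value" else [],
    }


def review(plan, target_count, update, archive, max_delete_ratio=0.2):
    """Return warnings a reviewer would want before the feed is scheduled."""
    warnings = []
    if archive == "delete" and not update:
        warnings.append("Delete without Update: every target record would be deleted")
    elif archive == "delete" and target_count:
        ratio = len(plan["delete"]) / target_count
        if ratio > max_delete_ratio:
            warnings.append(f"run would delete {ratio:.0%} of target records")
    return warnings


# Constructed sample data for a Devices application.
KEYS = ["Serial Number", "Host Name"]
TARGET = [
    {"id": 101, "Serial Number": "S-1", "Host Name": "web01"},
    {"id": 102, "Serial Number": "S-2", "Host Name": "web02"},
    {"id": 103, "Serial Number": "S-3", "Host Name": "laptop07"},  # absent from source
]
SOURCE = [
    {"Serial Number": "S-1", "Host Name": "web01"},
    {"Serial Number": "", "Host Name": "web02"},      # matched on second key
    {"Serial Number": "S-9", "Host Name": "new01"},   # new record
]

if __name__ == "__main__":
    for update, archive in ((True, "set_value"), (True, "delete"), (False, "delete")):
        plan = plan_run(SOURCE, TARGET, KEYS, create=True, update=update, archive=archive)
        print(f"update={update} archive={archive}: {plan}")
        for warning in review(plan, len(TARGET), update, archive):
            print("  warning:", warning)
```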

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.


1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field | Description

Frequency | Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
Daily, Weekly, Monthly, or Reference.

Minutely | Runs the data feed by the interval set.
For example, if you specify 45 in the Every list, the data feed
executes every 45 minutes.

Hourly | Runs the data feed by the interval set, for example, every hour (1),
every other hour (2), and so forth.

Daily | Runs the data feed by the interval set, for example, every day (1),
every other day (2), and so forth.

Weekly | Runs the data feed based on a specified day of the week, for
example, every Monday of the first week (1), every other Monday
(2), and so forth.

Monthly | Runs the data feed based on a specified week of the month, for
example, 1st, 2nd, 3rd, 4th, or Last.

Reference | Runs the current data feed after another, specified data feed. This
option indicates to the Data Feed Service that this data feed starts
as soon as the referenced data feed completes successfully.
For example, you can select to have a Threats data feed run
immediately after your Assets data feed finishes. From the
Reference Feed list, select the existing data feed after which the
current data feed starts.
A reference data feed does not run when you run a data feed
immediately. The Run Data Feed Now option only runs the current data
feed.

Every | Specifies the interval of the frequency in which the data feed runs.

Start Time | Specifies the time the data feed starts running.

Start Date | Specifies the date on which the data feed schedule begins.

Time Zone | Specifies the time zone of the server that runs the data feed.

3. Click Save.


Adding Transport Only File Data Feeds

Step 1: Add a transport data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Click Add New.

2. In the Creation Methods section, do one of the following:

• To add a new data feed from scratch, click Create a new Data Feed from scratch.

• To add a new data feed from an existing data feed, click Copy an existing Data Feed and
select the data feed you want to copy.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. In the Feed Information section, click Transport Only.

Option | Description

Standard | Integrates data from an external source into an application or questionnaire.

Transport Only | Locates a specific data file. This file contains additional instructions for launching
subsequent, standard data feeds. With this data feed type, the data feed only
completes the Transport and Navigation activities. The Source Definition and Field
Mapping activities are not allowed. Processing of the data feed does not attempt to
process the data.

Important: If you intend to use the data feed as part of a convoy, or you are troubleshooting the
data being pulled, select the Transport Only option. This option enables you to use a transform to
manipulate the data being returned by bringing the source data in as a flat file and then configure
a subsequent XML-based feed that includes an XSLT file. For more information on XML
formatting guidelines and samples, see the appendix “XML Formatting Used in Field Results and
Input” in the RSA Archer Web Services API Reference Guide that you can download from the
RSA Archer Community.

6. In the User Name list, do one of the following:


• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.
When you save your data feed settings, the Data Feed Manager automatically creates the new
user account.

7. In the Target Path field, enter the path where you want to store the output file of the Transport
Only data feed.

8. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select File Transporter.

3. In the Transport Configuration section, complete the configuration options.

Option | Description

Single Data File | References a single data file. This option requires you to specify a path in the Path
field. You can filter which files to process by entering a standard file expression in
the File Filter field.

Manifest File | Points the Data Feed Manager to a file that contains instructions for locating a
series of data files. This option requires you to specify a path in the Path field. You
can filter which files to process by entering a standard file expression in the File
Filter field.

Zip File | References a .zip file. The .zip file can be a single, compressed data source file or
a collection of files. This option requires you to specify a path in the Path field. You
can filter which files from the .zip file to process by entering a standard file
expression in the File Filter field. Use the Encryption Type list to identify the
encrypted file type, if any. If the encrypted .zip file is password protected, enter the
password in the Password field.


4. (Optional) In the Post-Processing section, determine how the data feed should handle the source
information when the integration is complete.
To perform post-processing on the source file retrieved, in the Post Processing section, determine
how the data feed should handle the local copy of the source data when the integration is
complete.

Option | Description
Nothing | Does not alter the source file when the data feed successfully completes. If there is a local copy of the source information, the local copy is deleted.
Rename | Saves the source file under a new name when the data feed successfully completes. In Destination File, specify where the file should be saved and the new name for the file. If you select this option, use filename tokens for specifying the location or name of the file.
Delete | Deletes the source file when the data feed completes successfully. This option is available only for File and FTP transport methods.

Filename tokens
Filename tokens are available for post processing when you want to save the source information and specify a location or name for the file. When you select the Rename option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token | Enables the Data Feed Manager to:
Now | Insert a user-defined date format within the new filename. Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center for available custom date/time formats.
DataFileDirectoryName | Update the filename with the directory name, including the drive, of your file.
DataFileName | Insert the original filename, excluding the directory name and extension.
DataFileExtension | Insert the file extension, such as .csv, in the new filename.
DataFileFullName | Insert the fully qualified filename. This data includes the drive, directory, filename, and extension of the original file.

For example, if the data file came from the following location, C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed using tokens would have the following output.

Example 1
Input Tokens | {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output | C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2
Input Tokens | \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output | \\DFSRepository\2008\01\ThreatData_success.csv

5. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete.
To perform post-processing on the source file retrieved, in the Post-Processing - Local Copy
section, determine how the data feed should handle the local copy of the source data when the
integration is complete. In the On Success field, select from the following options.

Option | Description
Nothing | Does not alter the source file when the data feed successfully completes. If there is a local copy of the source information, the local copy is deleted.
Rename | Saves the source file under a new name when the data feed successfully completes. In Destination File, specify where the file should be saved and the new name for the file. To save the data, the path of the destination file must be accessible to the account running the Job Engine service. If you select this option, use filename tokens for specifying the location or name of the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source information and specify a location or name for the file. When you select the Rename option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token | Enables the Data Feed Manager to:
Now | Insert a user-defined date format within the new filename. Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center for available custom date/time formats.
DataFileDirectoryName | Update the filename with the directory name, including the drive, of your file.
DataFileName | Insert the original filename, excluding the directory name and extension.
DataFileExtension | Insert the file extension, such as .csv, in the new filename.
DataFileFullName | Insert the fully qualified filename. This data includes the drive, directory, filename, and extension of the original file.

For example, if the data file came from the following location, C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed using tokens would have the following output.

Example 1
Input Tokens | {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output | C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2
Input Tokens | \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output | \\DFSRepository\2008\01\ThreatData_success.csv

6. Do one of the following:

- If you selected Nothing, continue to the next step.

- If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

7. Click Apply.
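The filename tokens described under the Rename option decide where the renamed file lands, so a Destination File template is worth checking before it is saved. The Python below is an added example, not RSA Archer code: it expands the page's tokens for the date specifiers the page uses and rejects a destination that leaves an allowed root. The function names, the allowed-root policy, and the dot-less DataFileExtension value (implied by the page's worked examples) are assumptions.

```python
import ntpath  # Windows path rules, so the example behaves the same on any OS
import re
from datetime import datetime

# Subset of .NET custom date/time specifiers: only the ones this page uses.
SPECIFIERS = {"yyyy": "%Y", "MMM": "%b", "MM": "%m", "dd": "%d"}
# Characters Windows does not allow inside a single file or directory name.
INVALID_IN_NAME = set('<>:"/\\|?*')
TOKEN = re.compile(
    r"\{Now\s*\((?P<fmt>[^)}]*)\)\}"
    r"|\{(?P<name>DataFile(?:DirectoryName|FullName|Name|Extension))\}"
)

# Values taken from the page's worked examples.
SOURCE = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
RUN_DATE = datetime(2008, 1, 31)
EXAMPLE_1 = r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}"
EXAMPLE_2 = r"\\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}"
# Constructed for this example: a template that climbs out of the feed directory.
CLIMBING = r"{DataFileDirectoryName}\..\..\..\..\Archive\{DataFileName}.{DataFileExtension}"


def render_now(dotnet_format, now):
    """Render the argument of Now(...); reject specifiers outside the subset."""
    def to_strftime(match):
        run = match.group(0)
        if run not in SPECIFIERS:
            raise ValueError("unsupported date specifier: " + run)
        return SPECIFIERS[run]

    pattern = re.sub(r"([A-Za-z])\1*", to_strftime, dotnet_format.replace("%", "%%"))
    return now.strftime(pattern)


def expand(template, source_path, now):
    """Expand the page's filename tokens for one source file."""
    directory, filename = ntpath.split(source_path)
    stem, extension = ntpath.splitext(filename)
    values = {
        "DataFileDirectoryName": directory,
        "DataFileFullName": source_path,
        "DataFileName": stem,
        # Assumption: no leading dot, as the page's worked examples imply.
        "DataFileExtension": extension.lstrip("."),
    }

    def substitute(match):
        if match.group("name"):
            return values[match.group("name")]
        rendered = render_now(match.group("fmt"), now)
        # A rendered date is meant to be part of one name; "/" or "\" in it
        # would act as a path separator and change where the file lands.
        if INVALID_IN_NAME.intersection(rendered):
            raise ValueError("date format yields characters invalid in a name: " + rendered)
        return rendered

    return TOKEN.sub(substitute, template)


def is_within(destination, allowed_roots):
    """True if the normalised destination sits under one of the allowed roots."""
    normalised = ntpath.normcase(ntpath.normpath(destination))
    for root in allowed_roots:
        # The trailing separator stops C:\DataFeed from matching C:\DataFeed2.
        prefix = ntpath.normcase(ntpath.normpath(root)).rstrip("\\") + "\\"
        if normalised.startswith(prefix):
            return True
    return False


def audit(template, source_path, now, allowed_roots):
    """Return (destination, None) if acceptable, else (None, reason)."""
    try:
        destination = expand(template, source_path, now)
    except ValueError as error:
        return None, str(error)
    if not is_within(destination, allowed_roots):
        return None, "destination escapes the allowed roots: " + ntpath.normpath(destination)
    return destination, None


if __name__ == "__main__":
    roots = [r"C:\DataFeed"]  # constructed policy: renamed files stay under the feed tree
    slash_date = r"{DataFileDirectoryName}\{DataFileName}_{Now(MM/dd/yyyy)}.{DataFileExtension}"
    for template in (EXAMPLE_1, CLIMBING, slash_date):
        print(template, "->", audit(template, SOURCE, RUN_DATE, roots))
```

The account running the Job Engine service writes the renamed file, so the allowed roots should match the directories that account is meant to write to.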

Step 3: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.


1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field | Description
Frequency | Specifies the interval in which the data feed runs, for example, Minutely, Hourly, Daily, Weekly, Monthly, or Reference.
Every | Specifies the interval of the frequency in which the data feed runs.
Start Time | Specifies the time the data feed starts running.
Start Date | Specifies the date on which the data feed schedule begins.
Time Zone | Specifies the time zone of the server that runs the data feed.

Frequency | Description
Minutely | Runs the data feed by the interval set. For example, if you specify 45 in the Every list, the data feed executes every 45 minutes.
Hourly | Runs the data feed by the interval set, for example, every hour (1), every other hour (2), and so forth.
Daily | Runs the data feed by the interval set, for example, every day (1), every other day (2), and so forth.
Weekly | Runs the data feed based on a specified day of the week, for example, every Monday of the first week (1), every other Monday (2), and so forth.
Monthly | Runs the data feed based on a specified week of the month, for example, 1st, 2nd, 3rd, 4th, or Last.
Reference | Runs the current data feed after a specified data feed. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. For example, you can select to have a Threats data feed run immediately after your Assets data feed finishes. From the Reference Feed list, select after which existing data feed the current data feed starts. A reference data feed will not run when immediately running a data feed. The Run Data Feed Now option only runs the current data feed.

3. Click Save.


FTP Data Feeds


The FTP data feed enables you to pull data files using the FTP protocol, and insert that data in its
raw or manipulated state into the RSA Archer GRC instance.
The source files can be delimited text files or XML files. You can use an XSLT to transform your
XML data into a consumable format.
An FTP Transporter data feed can be configured as a standard or transport data feed type.
Use the following tasks to add an FTP data feed:
- Adding Standard FTP Data Feeds

- Adding Transport Only FTP Data Feeds

Adding Standard FTP Data Feeds

Step 1: Add a standard data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

- To create a new data feed, select Create a new Data Feed from scratch.

- To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

- Select the appropriate user account that is associated with the data feed.

- Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.


8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

Option | Description
Send Notifications | Select whether to have the data feed trigger notification emails when records are published or updated. If notifications are not enabled in the selected target application, no notification emails are sent when the data feed runs.
Send Job Status Notifications | Select whether to have job status notifications sent to selected users or groups. You can also select email addresses to receive job status notifications. If selected, job status notifications are sent showing whether a job succeeded or failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

Option | Description
Locale | Specifies the country (language) format of your source data. Different cultures or countries use different characters when formatting similar data.
Data Validation | Determines whether RSA Archer GRC performs data validations against the selected target application when saving a record. Selecting this option bypasses validation that is based on field definition and configuration (with some exceptions). This option applies regardless of whether you are targeting a questionnaire or application.

RSA Archer GRC validates the following items regardless of whether this field is selected:
- Attachment or image field - Validity of the file.
- Date/Time field - Minimum and maximum system values.
- Text field - Contains valid HTML.
- Field name - Uniqueness.

The required field settings are disregarded if you select to ignore the rules defined
within the target application. However, the unique selection cannot be ignored.

10. Click Apply.


Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select FTP Transporter.

3. In the Transport Configuration section, select the File Type.

Option | Description
Single Data File | References a single data file. This option requires you to specify a path in the Path field. You can filter which files to process by entering a standard file expression in the File Filter field.
Manifest File | Points the Data Feed Manager to a file that contains instructions for locating a series of data files. This option requires you to specify a path in the Path field. You can filter which files to process by entering a standard file expression in the File Filter field.
Zip File | References a .zip file. The .zip file can be a single, compressed data source file or a collection of files. This option requires you to specify a path in the Path field. You can filter which files from the .zip file to process by entering a standard file expression in the File Filter field. Use the Encryption Type list to identify the encrypted file type, if any. If the encrypted .zip file is password protected, enter the password in the Password field.

4. (Optional) In the Proxy field, select the applicable proxy option.

Option | Description
No Proxy | Indicates that the data feed does not pass through a proxy.
Use System Proxy | Indicates that the Data Feed Service runs the feed with the proxy configuration that is set up in the Control Panel.
Configure Proxy | Indicates that the data feed must pass through a proxy. Continue with providing the parameters for accessing the proxy.

5. (Optional) Complete the applicable fields if you selected a proxy option.

Field | Description
Name | Specifies the proxy server name.
Port | Specifies the port ID of the proxy server.
Domain | Specifies the domain of the proxy server.
User Name | Specifies the name of the user who has credentials for logging on to the proxy server.
Password | Specifies the password of the credentialed user.

6. (Optional) In the Post-Processing section, determine how the data feed should handle the source
information when the integration is complete. In the On Success field, select one of the following
options:
To perform post-processing on the source file retrieved, in the Post Processing section, determine
how the data feed should handle the local copy of the source data when the integration is
complete.

Option | Description
Nothing | Does not alter the source file when the data feed successfully completes. If there is a local copy of the source information, the local copy is deleted.
Rename | Saves the source file under a new name when the data feed successfully completes. In Destination File, specify where the file should be saved and the new name for the file. If you select this option, use filename tokens for specifying the location or name of the file.
Delete | Deletes the source file when the data feed completes successfully. This option is available only for File and FTP transport methods.

Filename tokens
Filename tokens are available for post processing when you want to save the source information and specify a location or name for the file. When you select the Rename option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token | Enables the Data Feed Manager to:
Now | Insert a user-defined date format within the new filename. Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center for available custom date/time formats.
DataFileDirectoryName | Update the filename with the directory name, including the drive, of your file.
DataFileName | Insert the original filename, excluding the directory name and extension.
DataFileExtension | Insert the file extension, such as .csv, in the new filename.
DataFileFullName | Insert the fully qualified filename. This data includes the drive, directory, filename, and extension of the original file.

For example, if the data file came from the following location, C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed using tokens would have the following output.

Example 1
Input Tokens | {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output | C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2
Input Tokens | \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output | \\DFSRepository\2008\01\ThreatData_success.csv

7. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete. In the On Success
field, select one of the following options.
To perform post-processing on the source file retrieved, in the Post-Processing - Local Copy
section, determine how the data feed should handle the local copy of the source data when the
integration is complete. In the On Success field, select from the following options.

Option | Description
Nothing | Does not alter the source file when the data feed successfully completes. If there is a local copy of the source information, the local copy is deleted.
Rename | Saves the source file under a new name when the data feed successfully completes. In Destination File, specify where the file should be saved and the new name for the file. To save the data, the path of the destination file must be accessible to the account running the Job Engine service. If you select this option, use filename tokens for specifying the location or name of the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source information and specify a location or name for the file. When you select the Rename option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.

Token | Enables the Data Feed Manager to:
Now | Insert a user-defined date format within the new filename. Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center for available custom date/time formats.
DataFileDirectoryName | Update the filename with the directory name, including the drive, of your file.
DataFileName | Insert the original filename, excluding the directory name and extension.
DataFileExtension | Insert the file extension, such as .csv, in the new filename.
DataFileFullName | Insert the fully qualified filename. This data includes the drive, directory, filename, and extension of the original file.

For example, if the data file came from the following location, C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed using tokens would have the following output.

Example 1
Input Tokens | {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}
Output | C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2
Input Tokens | \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}
Output | \\DFSRepository\2008\01\ThreatData_success.csv

8. Do one of the following:

- If you selected Nothing, continue to the next step.

- If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

9. Click Apply.

Step 3: Define the file format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

Option 1: Define delimited text files

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.


d. Click the Navigation tab.

2. In the Navigation section, select Delimited Text File Iterator.

3. In the File Definition section, select the encoding and delimiters to match the source file.

Text encoding format options

Format | Description
Quote Identifier | Specifies the character that is used to identify quotes in your source data.
Escape Sequence | Specifies the character that is used to escape from normal data into control data.
Record Delimiter | Specifies the control code that is used to identify a new record in your source data.
Skip Record Count | Indicates the number of lines that the Data Feed Manager should ignore in the source data before finding data. For example, if the first row in your source data contains column names, you type "1" so that the Data Feed Manager ignores this row and moves to the next row to start reading data.
Field Delimiter | Specifies the character that is used to identify a new field in your data source. If you select Other, type the character you want to use.
List Delimiter | Specifies the character that is used to identify a new list in your data source. If you select Other, type the character you want to use.
Leveled List Delimiter | Specifies the character that is used to identify a new leveled list in your data source. If you select Other, type the character you want to use.

4. Click Apply.

Option 2: Define the XML format

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .


b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.

3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix "XML Formatting Used in Field
Results and Input" in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

- Select Default to load the out-of-the-box transform file. This option is typically used.

- Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

- Import the data “as is” into RSA Archer GRC or execute modifications and calculations against
the data to convert the incoming data into a format that matches the requirements of the
application or questionnaire it is imported into. Use several advanced options, such as lookup
translations and calculations, to prepare and modify the data to meet your individual business
needs.

- Filter data so that only what you want to receive is imported into the target application or
questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
return all records in the data feed. Use operator logic to add filters to include only records
meeting certain criteria in the data feed process.

- Capture tokens of data from the last execution of a data feed that can be used during the next run
to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
preparation of the next data feed execution.

1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Select the file that contains the data you want to load and click Open.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.

Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click


b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.

7. Complete either of the following optional tasks:

- To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

- To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.

Step 6: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.


2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.

3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

- Click Add New to add multiple unique identifiers to the key field definition.

- Click in the Actions column to add unique identifiers in a hierarchical structure for sub-form
field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.

3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.


5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

- Click Add New to add multiple unique identifiers to the key field definition.

- Click in the Actions column to add unique identifiers in a hierarchical structure for sub-form
field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.

1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.


2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option | Description
Create | Creates new records for data found in the source file and not in the target application or questionnaire.
Update | Updates records in the target application or questionnaire when a unique identifier match exists in the source file. If you are also selecting the Archive Option of Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option     Description

None       Does nothing when a matching record is not found.

Delete     Deletes records in the target application or questionnaire when a matching record is
           not in the source data. If you want to retain existing records, also select the
           Update option.
           Records are matched by a unique identifier only during the update process. If you
           want to retain existing records while archiving the target application, also select
           Update in Update Options. If you do not select the Update option, all records in the
           target application will be permanently deleted.

Set Value  Sets a value in a Values List field in a record whenever the external data file does
           not contain a matching record.
           Use this option to set a Values List to a value that identifies this record as
           Inactive or Not Current. For example, a Devices application has a record for a
           specific laptop, and the external data file does not have a matching record for that
           laptop. You can use this option to set a Values List field in the laptop record to
           the value Inactive.
           When you select this option, you also select the Values List field in the target
           application or questionnaire and the value that you want to set in that field.
           You cannot set the value in the Values List field of the target leveled application
           under the following conditions:
           • The Set Value Target Field is a global values list.
           • Level 3 or lower in a leveled application.
           • You are modifying the data feed configuration.

           In most scenarios, RSA recommends selecting the Set Value option and flagging
           these records with a specific value rather than deleting them. For example, you can
           add a field to your application called Status and include the values Current and
           Archived. If a data feed cannot find a matching record in the data source with a
           system record, the system record could be updated to have a value of Archived for
           the Status field.

4. Click Apply.
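The Update and Archive options above interact in a way that can empty the target application, so the following added Python model (an illustration written for this section, not RSA Archer code) runs one source file under three option combinations. The record layout, field names and functions are constructed, and applying the matched-only-during-update rule to Set Value as well as Delete is an assumption.

```python
"""Simplified model of the Update and Archive options described above.

Added illustration, not RSA Archer code: the record layout, the field
names and every function here are constructed for this example.
"""
from copy import deepcopy

EMPTY = (None, "")


def find_match(records, row, key_fields):
    """Return the index of the first target record matching `row`.

    Key fields are tried in the configured order; the first key field
    whose value equals a target record's value makes the record matched.
    """
    for field in key_fields:
        value = row.get(field)
        if value in EMPTY:
            continue
        for index, record in enumerate(records):
            if record.get(field) == value:
                return index
    return None


def run_feed(target, source, key_fields, update, archive,
             set_value=("Status", "Archived")):
    """Simulate one feed run and return (records, report).

    archive is "None", "Delete" or "Set Value". Matching happens only
    while updating, as the Delete row of the table states, so with
    update=False every target record counts as unmatched.
    """
    if archive not in ("None", "Delete", "Set Value"):
        raise ValueError(f"unknown archive option: {archive!r}")
    records = deepcopy(target)
    matched = set()
    report = {"updated": 0, "deleted": 0, "flagged": 0}

    if update:
        for row in source:
            index = find_match(records, row, key_fields)
            if index is not None:
                # Assumption: blank source values do not overwrite stored values.
                records[index].update(
                    {k: v for k, v in row.items() if v not in EMPTY})
                matched.add(index)
        report["updated"] = len(matched)

    unmatched = [i for i in range(len(records)) if i not in matched]
    if archive == "Delete":
        records = [r for i, r in enumerate(records) if i in matched]
        report["deleted"] = len(unmatched)
    elif archive == "Set Value":
        field, value = set_value
        for i in unmatched:
            records[i][field] = value
        report["flagged"] = len(unmatched)
    return records, report


def preflight(update, archive):
    """Return warnings for option combinations that destroy data."""
    warnings = []
    if archive == "Delete" and not update:
        warnings.append("Delete without Update removes every target record")
    return warnings


# Constructed sample data: a Devices application and one source file.
TARGET = [
    {"Serial": "SN-001", "Hostname": "lap-alice", "Status": "Current"},
    {"Serial": "SN-002", "Hostname": "lap-bob", "Status": "Current"},
    {"Serial": "SN-003", "Hostname": "lap-carol", "Status": "Current"},
]
SOURCE = [
    {"Serial": "SN-001", "Hostname": "lap-alice", "Status": "Current"},
    {"Serial": "", "Hostname": "lap-bob", "Status": "Current"},  # matched on 2nd key
]
KEYS = ["Serial", "Hostname"]  # order in which unique identifiers are tried

if __name__ == "__main__":
    for update, archive in [(True, "Delete"), (False, "Delete"), (True, "Set Value")]:
        records, report = run_feed(TARGET, SOURCE, KEYS, update, archive)
        print(f"update={update} archive={archive}: {report} {preflight(update, archive)}")
```

Running `preflight` against a feed's saved options before its first scheduled run is a cheap way to catch the Delete-without-Update combination.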

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field       Description

Frequency   Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
            Daily, Weekly, Monthly, or Reference.

            Minutely   Runs the data feed by the interval set. For example, if you specify 45
                       in the Every list, the data feed executes every 45 minutes.

            Hourly     Runs the data feed by the interval set, for example, every hour (1),
                       every other hour (2), and so forth.

            Daily      Runs the data feed by the interval set, for example, every day (1),
                       every other day (2), and so forth.

            Weekly     Runs the data feed based on a specified day of the week, for example,
                       every Monday of the first week (1), every other Monday (2), and so forth.

            Monthly    Runs the data feed based on a specified week of the month, for example,
                       1st, 2nd, 3rd, 4th, or Last.

            Reference  Runs the current data feed after a specified data feed. This option
                       indicates to the Data Feed Service that this data feed starts as soon as
                       the referenced data feed completes successfully.
                       For example, you can select to have a Threats data feed run immediately
                       after your Assets data feed finishes. From the Reference Feed list,
                       select after which existing data feed the current data feed starts.
                       A reference data feed will not run when immediately running a data
                       feed. The Run Data Feed Now option only runs the current data feed.

Every       Specifies the interval of the frequency in which the data feed runs.

Start Time  Specifies the time the data feed starts running.

Start Date  Specifies the date on which the data feed schedule begins.

Time Zone   Specifies the time zone of the server that runs the data feed.

3. Click Save.

Adding Transport Only FTP Data Feeds

Step 1: Add a transport data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Click Add New.

2. In the Creation Methods section, do one of the following:

• To add a new data feed from scratch, click Create a new Data Feed from scratch.

• To add a new data feed from an existing data feed, click Copy an existing Data Feed and
select the data feed you want to copy.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. In the Feed Information section, click Transport Only.

Option          Description

Standard        Integrates data from an external source into an application or questionnaire.

Transport Only  Locates a specific data file. This file contains additional instructions for
                launching subsequent, standard data feeds. With this data feed type, the data
                feed only completes the Transport and Navigation activities. The Source
                Definition and Field Mapping activities are not allowed. Processing of the data
                feed does not attempt to process the data.

Important: If you intend to use the data feed as part of a convoy, or you are troubleshooting the
data being pulled, select the Transport Only option. This option enables you to use a transform to
manipulate the data being returned by bringing the source data in as a flat file and then
configuring a subsequent XML-based feed that includes an XSLT file. For more information on XML
formatting guidelines and samples, see the appendix “XML Formatting Used in Field Results and
Input” in the RSA Archer Web Services API Reference Guide that you can download from the
RSA Archer Community.

6. In the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.
When you save your data feed settings, the Data Feed Manager automatically creates the new
user account.

7. In the Target Path field, enter the path where you want to store the output file of the Transport
Only data feed.

8. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select FTP Transporter.

3. In the Transport Configuration section, select the File Type.

Option            Description

Single Data File  References a single data file. This option requires you to specify a path in
                  the Path field. You can filter which files to process by entering a standard
                  file expression in the File Filter field.

Manifest File     Points the Data Feed Manager to a file that contains instructions for locating
                  a series of data files. This option requires you to specify a path in the Path
                  field. You can filter which files to process by entering a standard file
                  expression in the File Filter field.

Zip File          References a .zip file. The .zip file can be a single, compressed data source
                  file or a collection of files. This option requires you to specify a path in
                  the Path field. You can filter which files from the .zip file to process by
                  entering a standard file expression in the File Filter field. Use the
                  Encryption Type list to identify the encrypted file type, if any. If the
                  encrypted .zip file is password protected, enter the password in the Password
                  field.

4. (Optional) In the Proxy field, select the applicable proxy option.

Option            Description

No Proxy          Indicates that the data feed does not pass through a proxy.

Use System Proxy  Indicates that the Data Feed Service runs the feed with the proxy
                  configuration that is set up in the Control Panel.

Configure Proxy   Indicates that the data feed must pass through a proxy. Continue with
                  providing the parameters for accessing the proxy.

5. (Optional) Complete the applicable fields if you selected a proxy option.

Field      Description

Name       Specifies the proxy server name.

Port       Specifies the port ID of the proxy server.

Domain     Specifies the domain of the proxy server.

User Name  Specifies the name of the user who has credentials for logging on to the proxy
           server.

Password   Specifies the password of the credentialed user.

6. (Optional) To perform post-processing on the source file retrieved, in the Post-Processing
section, determine how the data feed should handle the source information when the integration
is complete. In the On Success field, select one of the following options:

Option   Description

Nothing  Does not alter the source file when the data feed successfully completes. If there is
         a local copy of the source information, the local copy is deleted.

Rename   Saves the source file under a new name when the data feed successfully completes.
         In Destination File, specify where the file should be saved and the new name for the
         file.
         If you select this option, use filename tokens for specifying the location or name of
         the file.

         Filename tokens
         Filename tokens are available for post processing when you want to save the source
         information and specify a location or name for the file. When you select the Rename
         option, you can use tokens to generate unique names automatically for the files.
         Here are the usable tokens for renaming data files.

         Token                  Enables the Data Feed Manager to:

         Now                    Insert a user-defined date format within the new filename.
                                Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy).
                                See the Microsoft .Net Framework Developer Center for available
                                custom date/time formats.

         DataFileDirectoryName  Update the filename with the directory name, including the
                                drive, of your file.

         DataFileName           Insert the original filename, excluding the directory name and
                                extension.

         DataFileExtension      Insert the file extension, such as .csv, in the new filename.

         DataFileFullName       Insert the fully qualified filename. This data includes the
                                drive, directory, filename, and extension of the original file.

         For example, if the data file came from the following location,
         C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
         using tokens would have the following output.

         Example 1

         Input Tokens  {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

         Output        C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

         Example 2

         Input Tokens  \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

         Output        \\DFSRepository\2008\01\ThreatData_success.csv

Delete   Deletes the source file when the data feed completes successfully.
         This option is available only for File and FTP transport methods.

7. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete. In the On Success
field, select one of the following options.

Option   Description

Nothing  Does not alter the source file when the data feed successfully completes. If there is
         a local copy of the source information, the local copy is deleted.

Rename   Saves the source file under a new name when the data feed successfully completes.
         In Destination File, specify where the file should be saved and the new name for the
         file.
         To save the data, the path of the destination file must be accessible to the account
         running the Job Engine service.
         If you select this option, use filename tokens for specifying the location or name of
         the file.

         Filename tokens
         Filename tokens are available for post processing when you want to save the source
         information and specify a location or name for the file. When you select the Rename
         option, you can use tokens to generate unique names automatically for the files.
         Here are the usable tokens for renaming data files.

         Token                  Enables the Data Feed Manager to:

         Now                    Insert a user-defined date format within the new filename.
                                Possible formats include Now(MM/dd/yyyy) or Now(MMM-dd-yyyy).
                                See the Microsoft .Net Framework Developer Center for available
                                custom date/time formats.

         DataFileDirectoryName  Update the filename with the directory name, including the
                                drive, of your file.

         DataFileName           Insert the original filename, excluding the directory name and
                                extension.

         DataFileExtension      Insert the file extension, such as .csv, in the new filename.

         DataFileFullName       Insert the fully qualified filename. This data includes the
                                drive, directory, filename, and extension of the original file.

         For example, if the data file came from the following location,
         C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
         using tokens would have the following output.

         Example 1

         Input Tokens  {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

         Output        C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

         Example 2

         Input Tokens  \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

         Output        \\DFSRepository\2008\01\ThreatData_success.csv

8. Do one of the following:

• If you selected Nothing, continue to the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

9. Click Apply.
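The filename tokens listed under the Rename option in both post-processing steps above can be checked offline before a Destination File value is saved. The following Python sketch is added here and is not RSA Archer code: the function names are hypothetical, only a subset of .NET custom date specifiers is translated, and the extension is expanded without its leading dot because that is what the page's two examples imply. It reproduces both examples and also reports when a Now() format, such as the Now(MM/dd/yyyy) form mentioned above, yields characters that Windows does not allow in a file name.

```python
"""Expand the Data Feed filename tokens and check the resulting name.

Added illustration, not RSA Archer code. Names are hypothetical and only
a subset of .NET custom date/time specifiers is supported.
"""
import ntpath
import re
from datetime import datetime

# Subset of .NET custom date/time specifiers mapped to strftime codes.
DATE_SPECIFIERS = {
    "yyyy": "%Y", "yy": "%y", "MMMM": "%B", "MMM": "%b", "MM": "%m",
    "dd": "%d", "HH": "%H", "mm": "%M", "ss": "%S",
}
DATE_RE = re.compile("yyyy|yy|MMMM|MMM|MM|dd|HH|mm|ss")
# Matches {Now(<format>)} or {<TokenName>}.
TOKEN_RE = re.compile(r"\{(?:Now\(([^)]*)\)|(\w+))\}")
# Characters that Windows does not allow inside a file or directory name.
RESERVED = set('<>:"/\\|?*')


def format_now(date_format, when):
    """Render a .NET-style date format; other characters pass through."""
    return DATE_RE.sub(
        lambda m: when.strftime(DATE_SPECIFIERS[m.group(0)]), date_format)


def expand_tokens(template, source_path, when):
    """Return `template` with every filename token replaced."""
    directory, filename = ntpath.split(source_path)
    stem, extension = ntpath.splitext(filename)
    values = {
        "DataFileDirectoryName": directory,
        "DataFileName": stem,
        # Assumption: no leading dot, matching ".{DataFileExtension}" on the page.
        "DataFileExtension": extension.lstrip("."),
        "DataFileFullName": source_path,
    }

    def replace(match):
        date_format, name = match.groups()
        if date_format is not None:
            return format_now(date_format, when)
        if name not in values:
            raise ValueError(f"unknown filename token: {name}")
        return values[name]

    return TOKEN_RE.sub(replace, template)


def reserved_chars_from_dates(template, when):
    """List reserved filename characters produced by Now() expansions."""
    found = set()
    for match in TOKEN_RE.finditer(template):
        date_format = match.group(1)
        if date_format is not None:
            found |= RESERVED & set(format_now(date_format, when))
    return sorted(found)


# Source path and date taken from the page's own examples.
SAMPLE_SOURCE = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
SAMPLE_TIME = datetime(2008, 1, 31)
EXAMPLE_1 = (r"{DataFileDirectoryName}\success\{DataFileName}_"
             r"{Now(MM.dd.yyyy)}.{DataFileExtension}")
EXAMPLE_2 = (r"\\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_"
             r"success.{DataFileExtension}")

if __name__ == "__main__":
    for template in (EXAMPLE_1, EXAMPLE_2, "{DataFileName}_{Now(MM/dd/yyyy)}"):
        print(expand_tokens(template, SAMPLE_SOURCE, SAMPLE_TIME),
              reserved_chars_from_dates(template, SAMPLE_TIME))
```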

Step 3: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field       Description

Frequency   Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
            Daily, Weekly, Monthly, or Reference.

            Minutely   Runs the data feed by the interval set. For example, if you specify 45
                       in the Every list, the data feed executes every 45 minutes.

            Hourly     Runs the data feed by the interval set, for example, every hour (1),
                       every other hour (2), and so forth.

            Daily      Runs the data feed by the interval set, for example, every day (1),
                       every other day (2), and so forth.

            Weekly     Runs the data feed based on a specified day of the week, for example,
                       every Monday of the first week (1), every other Monday (2), and so forth.

            Monthly    Runs the data feed based on a specified week of the month, for example,
                       1st, 2nd, 3rd, 4th, or Last.

            Reference  Runs the current data feed after a specified data feed. This option
                       indicates to the Data Feed Service that this data feed starts as soon as
                       the referenced data feed completes successfully.
                       For example, you can select to have a Threats data feed run immediately
                       after your Assets data feed finishes. From the Reference Feed list,
                       select after which existing data feed the current data feed starts.
                       A reference data feed will not run when immediately running a data
                       feed. The Run Data Feed Now option only runs the current data feed.

Every       Specifies the interval of the frequency in which the data feed runs.

Start Time  Specifies the time the data feed starts running.

Start Date  Specifies the date on which the data feed schedule begins.

Time Zone   Specifies the time zone of the server that runs the data feed.

3. Click Save.

HTTP Data Feeds


The HTTP Transporter data feed enables you to execute a GET or POST to retrieve data from an
HTTP or HTTPS site. The data is inserted in its raw or manipulated state into the RSA Archer GRC
instance.
The source files must be text delimited files or XML files. You can use an XSLT to transform your
XML data into a consumable format.
An HTTP Transporter data feed can be configured as a standard or transport data feed type.

Important: If data is from an external HTTP or HTTPS site, you must be able to access that
external site from the server running the services for the data feed to execute successfully.

Use the following tasks to add an HTTP data feed:


• Adding Standard HTTP Data Feeds

• Adding Transport Only HTTP Data Feeds

Adding Standard HTTP Data Feeds

Step 1: Add a data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.

• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

Option                         Description

Send Notifications             Select whether to have the data feed trigger notification emails
                               when records are published or updated. If notifications are not
                               enabled in the selected target application, no notification
                               emails are sent when the data feed runs.

Send Job Status Notifications  Select whether to have job status notifications sent to selected
                               users or groups. You can also select email addresses to receive
                               job status notifications. If selected, job status notifications
                               are sent showing whether a job succeeded or failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

Option           Description

Locale           Specifies the country (language) format of your source data. Different cultures
                 or countries use different characters when formatting similar data.

Data Validation  Determines whether RSA Archer GRC performs data validations against the
                 selected target application when saving a record. Selecting this option
                 bypasses validation that is based on field definition and configuration (with
                 some exceptions). This option applies regardless of whether you are targeting a
                 questionnaire or application.
                 RSA Archer GRC validates the following items regardless of whether this field
                 is selected:
                 • Attachment or image field - Validity of the file.
                 • Date/Time field - Minimum and maximum system values.
                 • Text field - Contains valid HTML.
                 • Field name - Uniqueness.

                 The required field settings are disregarded if you select to ignore the rules
                 defined within the target application. However, the unique selection cannot be
                 ignored.

10. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select HTTP Transporter.

3. In the Transport Configuration section, complete the File Type, Action Type, and File Filter
fields.

Available selections  Description

Single Data File      References a single data file. This option requires you to specify a path
                      in the Path field. You can filter which files to process by entering a
                      standard file expression in the File Filter field.

Manifest File         Points the Data Feed Manager to a file that contains instructions for
                      locating a series of data files. This option requires you to specify a
                      path in the Path field. You can filter which files to process by entering
                      a standard file expression in the File Filter field.

Zip File              References a .zip file. The .zip file can be a single, compressed data
                      source file or a collection of files. This option requires you to specify
                      a path in the Path field. You can filter which files from the .zip file to
                      process by entering a standard file expression in the File Filter field.
                      Use the Encryption Type list to identify the encrypted file type, if any.
                      If the encrypted .zip file is password protected, enter the password in
                      the Password field.

Get                   Uses the GET type of HTTP request. This type adds the parameters on the
                      query string.

Put                   Uses the POST type of HTTP request. This type includes the parameters as
                      form parameters on the request.

4. In the Logon Properties section, enter the applicable credentials for logging on to the HTTP site.

Option               Description

Use Credentials      Specifies whether the HTTP site allows public access or restricts access to
                     the data.
                     • Anonymous. Allows public access to the data.
                     • Specific. Restricts access to the data. From the Specify Credentials
                       options, specify from which authorized account to make the HTTP request,
                       and enter the credentials for the appropriate account.

Specify Credentials  Specifies the authorized account that makes the HTTP request.
                     • Data Feed Service
                     • Other (when you select this option, you must specify the user name,
                       password, and domain.)

User Name            Specifies the user name for a separate account to make requests to the
                     HTTP site.

Password             Specifies the password for a separate account to make requests to the
                     HTTP site.

Domain               Specifies the domain for a separate account to make requests to the HTTP
                     site.

5. In the Data Request Properties section, complete the following fields.

Option             Description

Data Request URI   Specifies the uniform resource identifier (URI) of the HTTP or HTTPS site
                   that contains the data you want to import. This field also allows you to
                   specify a port, for example, http://company-server:8080/httpFeed/.

Header Parameters  Specifies the key/value pair that may be required as part of your Get or Put
                   operation in Header Parameters.
                   To add another header parameter, click Add New. To remove a header
                   parameter, click in the row of that header parameter.

Post Data          Specifies the posting data.
                   This field is available only if you have selected Put as the Action Type.

6. (Optional) In the Proxy Options field, select the applicable proxy option.

Option            Description

No Proxy          Indicates that the data feed does not pass through a proxy.

Use System Proxy  Indicates that the Data Feed Service runs the feed with the proxy
                  configuration that is set up in the Control Panel.

Configure Proxy   Indicates that the data feed must pass through a proxy. Continue with
                  providing the parameters for accessing the proxy.

7. (Optional) Complete the applicable fields if you selected a proxy option.

Field      Description

Name       Specifies the proxy server name.

Port       Specifies the port ID of the proxy server.

Domain     Specifies the domain of the proxy server.

User Name  Specifies the name of the user who has credentials for logging on to the proxy
           server.

Password   Specifies the password of the credentialed user.

8. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete. In the On Success
field, select one of the following options.

Option   Description

Nothing  Does not alter the source file when the data feed successfully completes. If there is
         a local copy of the source information, the local copy is deleted.

Rename   Saves the source file under a new name when the data feed successfully completes.
         In Destination File, specify where the file should be saved and the new name for the
         file. For information on using filename tokens when renaming files, see Filename
         Tokens.
         To save the data, the path of the destination file must be accessible to the account
         running the Job Engine service.

9. Do one of the following:

• If you have selected Nothing, continue to the next step.

• If you have selected Rename, enter the location and name of the new file you want to save in
the Destination File field.

10. Click Apply.

Step 3: Define the file format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

Option 1: Define delimited text files

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation section, select Delimited Text File Iterator.

3. In the File Definition section, select the encoding and delimiters to match the source file.

Text encoding format options

Format                  Description

Quote Identifier        Specifies the character that is used to identify quotes in your source
                        data.

Escape Sequence         Specifies the character that is used to escape from normal data into
                        control data.

Record Delimiter        Specifies the control code that is used to identify a new record in your
                        source data.

Skip Record Count       Indicates the number of lines that the Data Feed Manager should ignore
                        in the source data before finding data. For example, if the first row in
                        your source data contains column names, you type "1" so that the Data
                        Feed Manager ignores this row and moves to the next row to start reading
                        data.

Field Delimiter         Specifies the character that is used to identify a new field in your
                        data source. If you select Other, type the character you want to use.

List Delimiter          Specifies the character that is used to identify a new list in your data
                        source. If you select Other, type the character you want to use.

Leveled List Delimiter  Specifies the character that is used to identify a new leveled list in
                        your data source. If you select Other, type the character you want to
                        use.

4. Click Apply.

Option 2: Define the XML format

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.

3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix “XML Formatting Used in Field
Results and Input” in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.

• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data

1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Define the Schema Source for retrieving the sample data file and click OK. This file contains
the list of source fields and is dependent on the transport method.
The source for the schema of your data feed depends on which transporter you are using. The
following list identifies and describes the schema sources that are available for each of the out-
of-the-box transporters.

Source       Description

Sample File  Uses a skeleton of your actual source data file. For example, if you are importing
             data from a .csv file, the source data file is a .csv file that includes the column
             names from your source data. If you are importing data from an .XML file, the
             source data file includes the structure of your .XML without the actual field
             values.
             When you select the sample file, the Source Fields section populates with the
             fields specified in the sample data file.
             For the Archer Web Services Transporter, select a file from an external location
             that contains the data in the same format as the report format.

Load URL     Loads the contents at the target URL and detects the source schema from the
             contents.
             Using this option may trigger actions associated with accessing the target URL.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.

Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.

7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.

Step 6: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.

2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
maps fields from the data source to application or questionnaire fields that have the same
name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
match between the source field and the target field, and the field type is one of the following,
the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.

• Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.

4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from
0 to 99 in the Trust Level column of the field.

5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definitions tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.

3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for sub-form
field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.

1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.

2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option Description

Create Create new records for data found in the source file and not in the target application
or questionnaire.

Update Updates records in the target application or questionnaire when a unique identifier
match exists in the source file. If you are also selecting the Archive Option of
Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option Description

None Does nothing when a matching record is not found.

Delete Deletes records in the target application or questionnaire when a matching record is
not in the source data. If you want to retain existing records, also select the Update
option.
Records are matched by a unique identifier only during the update process. If you
want to retain existing records while archiving the target application, also select
Update in Update Options. If you do not select the Update option, all records in the
target application will be permanently deleted.

Set Value Sets a value in a Values List field in a record whenever the external data file does
not contain a matching record.
Use this option to set a Values List to a value that identifies this record as Inactive
or Not Current. For example, a Devices application has a record for a specific
laptop, and the external data file does not have a matching record for that laptop. You
can use this option to set a Values List field in the laptop record to the value
Inactive.
When you select this option, you also select the Values List field in the target
application or questionnaire and the value that you want to set in that field.
You cannot set the value in the Values List field of the target leveled application
under the following conditions:
• The Set Value Target Field is a global values list.

• Level 3 or lower in a leveled application.

• You are modifying the data feed configuration.


In most scenarios, RSA recommends selecting the Set Value option and flagging
these records with a specific value rather than deleting them. For example, you can
add a field to your application called Status and include the values Current and
Archived. If a data feed cannot find a matching record in the data source with a
system record, the system record could be updated to have a value of Archived for
the Status field.

4. Click Apply.
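
The following Python sketch is an added example, not RSA Archer code: a simplified model of the key field matching from Step 8 and the Update and Archive rules above, as this guide states them. The record layout, the `FeedRules` and `run_feed` names, the `Status` field and the sample Devices data are assumptions made for illustration.

```python
"""Simplified model of the guide's Update/Archive rules (added example, not Archer code)."""
from dataclasses import dataclass

# Constructed sample data: three existing Devices records and one source file.
TARGET = [
    {"Asset Tag": "A-100", "Hostname": "lt-alice", "Status": "Current"},
    {"Asset Tag": "A-101", "Hostname": "lt-bob", "Status": "Current"},
    {"Asset Tag": "A-102", "Hostname": "lt-carol", "Status": "Current"},
]
SOURCE = [
    {"Asset Tag": "A-100", "Hostname": "lt-alice-new"},  # matches on the first key
    {"Hostname": "lt-bob", "Owner": "bob"},              # matches on the second key
    {"Asset Tag": "A-200", "Hostname": "lt-dave"},       # matches nothing
]


@dataclass
class FeedRules:
    key_fields: list           # unique identifiers, in the configured order
    create: bool = False       # Update Options: Create
    update: bool = False       # Update Options: Update
    archive: str = "none"      # Archive Options: "none", "delete" or "set_value"
    set_field: str = "Status"  # hypothetical Values List field for Set Value
    set_value: str = "Archived"


def find_match(row, records, key_fields):
    """Try each key field in order; the first key that matches any record wins."""
    for key in key_fields:
        value = row.get(key)
        if value in (None, ""):
            continue
        for idx, rec in enumerate(records):
            if rec.get(key) == value:
                return idx
    return None


def run_feed(source, target, rules):
    """Apply one feed run to a copy of `target`; return (records, report)."""
    if rules.archive not in ("none", "delete", "set_value"):
        raise ValueError(f"unknown archive option: {rules.archive!r}")
    result = [dict(r) for r in target]
    matched = set()
    report = {"created": 0, "updated": 0, "deleted": 0, "flagged": 0}

    for row in source:
        # Per the guide, records are matched by unique identifier only
        # during the update process, so no Update means no matches.
        idx = find_match(row, result, rules.key_fields) if rules.update else None
        if idx is not None:
            result[idx].update(row)
            matched.add(idx)
            report["updated"] += 1
        elif rules.create:
            result.append(dict(row))
            report["created"] += 1

    # Archive phase: only records that existed before the run are candidates.
    stale = [i for i in range(len(target)) if i not in matched]
    if rules.archive == "delete":
        drop = set(stale)
        result = [r for i, r in enumerate(result) if i not in drop]
        report["deleted"] = len(stale)
    elif rules.archive == "set_value":
        for i in stale:
            result[i][rules.set_field] = rules.set_value
        report["flagged"] = len(stale)
    return result, report


if __name__ == "__main__":
    keys = ["Asset Tag", "Hostname"]
    scenarios = {
        "Create + Update + Delete": FeedRules(keys, create=True, update=True, archive="delete"),
        "Delete without Update": FeedRules(keys, archive="delete"),
        "Create + Update + Set Value": FeedRules(keys, create=True, update=True, archive="set_value"),
    }
    for name, rules in scenarios.items():
        records, report = run_feed(SOURCE, TARGET, rules)
        print(name, report)
        for rec in records:
            print("   ", rec)
```

In this model, Delete without Update empties the target because nothing is ever matched, while Set Value keeps the unmatched laptop record and only changes its status field.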

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field Description

Frequency Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
Daily, Weekly, Monthly, or Reference.

Minutely Runs the data feed by the interval set. For example, if you specify 45 in the
Every list, the data feed executes every 45 minutes.

Hourly Runs the data feed by the interval set, for example, every hour (1),
every other hour (2) and so forth.

Daily Runs the data feed by the interval set, for example, every day (1),
every other day (2) and so forth.

Weekly Runs the data feed based on a specified day of the week, for
example, every Monday of the first week (1), every other Monday
(2), and so forth.

Monthly Runs the data feed based on a specified week of the month, for
example, 1st, 2nd, 3rd, 4th, or Last.

Reference Specifies a data feed that runs before the current one. This
option indicates to the Data Feed Service that this data feed starts
as soon as the referenced data feed completes successfully.
For example, you can select to have a Threats data feed run
immediately after your Assets data feed finishes. From the
Reference Feed list, select after which existing data feed the
current data feed starts.
A reference data feed will not run when immediately running a data
feed. The Run Data Feed Now option only runs the current data
feed.

Every Specifies the interval of the frequency in which the data feed runs.

Start Time Specifies the time the data feed starts running.

Start Date Specifies the date on which the data feed schedule begins.

Time Zone Specifies the time zone of the server that runs the data feed.

3. Click Save.

Adding Transport Only HTTP Data Feeds

Step 1: Add a transport data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Click Add New.

2. In the Creation Methods section, do one of the following:

• To add a new data feed from scratch, click Create a new Data Feed from scratch.

• To add a new data feed from an existing data feed, click Copy an existing Data Feed and
select the data feed you want to copy.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. In the Feed Information section, click Transport Only.

Option Description

Standard Integrates data from an external source into an application or questionnaire.

Transport Only Locates a specific data file. This file contains additional instructions for launching
subsequent, standard data feeds. With this data feed type, the data feed only
completes the Transport and Navigation activities. The Source Definition and Field
Mapping activities are not allowed. Processing of the data feed does not attempt to
process the data.

Important: If you intend to use the data feed as part of a convoy, or you are troubleshooting the
data being pulled, select the Transport Only option. This option enables you to use a transform to
manipulate the data being returned by bringing the source data in as a flat file and then configure
a subsequent XML-based feed that includes an XSLT file. For more information on XML
formatting guidelines and samples, see the appendix “XML Formatting Used in Field Results and
Input” in the RSA Archer Web Services API Reference Guide that you can download from the
RSA Archer Community.

6. In the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.
When you save your data feed settings, the Data Feed Manager automatically creates the new
user account.

7. In the Target Path field, enter the path where you want to store the output file of the Transport
Only data feed.

8. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select HTTP Transporter.

3. In the Transport Configuration section, complete the File Type, Action Type, and File Filter
fields.

Available selections Description

Single Data File References a single data file. This option requires you to specify a path in the
Path field. You can filter which files to process by entering a standard file
expression in the File Filter field.

Manifest File Points the Data Feed Manager to a file that contains instructions for locating a
series of data files. This option requires you to specify a path in the Path field.
You can filter which files to process by entering a standard file expression in the
File Filter field.

Zip File References a .zip file. The .zip file can be a single, compressed data source file
or a collection of files. This option requires you to specify a path in the Path
field. You can filter which files from the .zip file to process by entering a
standard file expression in the File Filter field. Use the Encryption Type list to
identify the encrypted file type, if any. If the encrypted .zip file is password
protected, enter the password in the Password field.

Get Uses the GET type of HTTP request. This type adds the parameters on the query
string.

Put Uses the POST type of HTTP request. This type includes the parameters as form
parameters on the request.

4. In the Logon Properties section, enter the applicable credentials for logging on to the HTTP site.

Option Description

Use Credentials Specifies whether the HTTP site allows public access or restricts access to the
data.
• Anonymous. Allows public access to the data.

• Specific. Restricts access to the data. From the Specify Credentials options,
specify from which authorized account to make the HTTP request, and enter
the credentials for the appropriate account.

Specify Credentials Specifies the authorized account that makes the HTTP request.
• Data Feed Service

• Other (when you select this option, you must specify the user name, password,
and domain.)

User Name Specifies the user name for a separate account to make requests to the HTTP site.

Password Specifies the password for a separate account to make requests to the HTTP site.

Domain Specifies the domain for a separate account to make requests to the HTTP site.

5. In the Data Request Properties section, complete the following fields.

Option Description

Data Request URI Specifies the uniform resource identifier (URI) of the HTTP or HTTPS site that
contains the data you want to import. This field also allows you to specify a port,
for example, http://company-server:8080/httpFeed/.

Header Parameters Specifies the key/value pair that may be required as part of your Get or Put
operation in Header Parameters.
To add another header parameter, click Add New. To remove a header
parameter, click in the row of that header parameter.

Post Data Specifies the posting data.
This field is available only if you have selected Put as the Action Type.

6. (Optional) In the Proxy Options field, select the applicable proxy option.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the proxy configuration
that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy. Continue with providing
the parameters for accessing the proxy.

7. (Optional) Complete the applicable fields if you selected a proxy option.

Field Description

Name Specifies the proxy server name.

Port Specifies the port ID of the proxy server.

Domain Specifies the domain of the proxy server.

User Name Specifies the name of the user who has credentials for logging on to the proxy
server.

Password Specifies the password of the credentialed user.

8. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete. In the On Success
field, select one of the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.

Rename Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file. For information on using filename tokens when renaming files, see Filename
Tokens.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.

9. Do one of the following:

• If you have selected Nothing, continue to the next step.

• If you have selected Rename, enter the location and name of the new file you want to save in
the Destination File field.

10. Click Apply.
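
As an added illustration (not code from RSA Archer), this Python sketch builds, without sending, the request shapes that the Get and Put action types describe, and checks where parameters travel. The parameter names, the `build_request`, `audit_request` and `redact_url` helpers, and the sample values are assumptions; the HTTP URI is the guide's own example.

```python
"""Where Get, Put and Header Parameters place their values (added example)."""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

# Substrings that suggest a parameter carries a secret (assumed heuristic).
SENSITIVE_HINTS = ("token", "key", "secret", "password", "pwd", "auth")


def _is_sensitive(name):
    return any(hint in name.lower() for hint in SENSITIVE_HINTS)


def build_request(uri, action_type, params=None, headers=None):
    """Build, but do not send, the request for the guide's Get or Put action type."""
    params = params or {}
    headers = dict(headers or {})
    if action_type == "Get":
        # Get: parameters are appended to the query string of the URI.
        sep = "&" if urlsplit(uri).query else "?"
        url = uri + (sep + urlencode(params) if params else "")
        return Request(url, headers=headers, method="GET")
    if action_type == "Put":
        # Put: the guide describes an HTTP POST with form parameters in the body.
        body = urlencode(params).encode("ascii")
        headers.setdefault("Content-Type", "application/x-www-form-urlencoded")
        return Request(uri, data=body, headers=headers, method="POST")
    raise ValueError(f"unknown action type: {action_type!r}")


def audit_request(req):
    """Return findings about the transport and about secrets carried in the URL."""
    findings = []
    parts = urlsplit(req.full_url)
    if parts.scheme != "https":
        findings.append("transport: request is not sent over HTTPS")
    for name, _ in parse_qsl(parts.query, keep_blank_values=True):
        if _is_sensitive(name):
            findings.append(
                f"query: '{name}' is part of the URL, which web servers and proxies commonly log"
            )
    return findings


def redact_url(url):
    """Return the URL with sensitive-looking query values replaced, for safe logging."""
    parts = urlsplit(url)
    pairs = [
        (name, "REDACTED" if _is_sensitive(name) else value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed parameters; "EXAMPLE" stands in for a real credential.
    params = {"api_key": "EXAMPLE", "since": "2015-01-01"}

    get_req = build_request("http://company-server:8080/httpFeed/", "Get", params)
    print(get_req.get_method(), redact_url(get_req.full_url))
    for finding in audit_request(get_req):
        print("  ", finding)

    # Hypothetical HTTPS endpoint for comparison.
    put_req = build_request("https://company-server:8443/httpFeed/", "Put", params)
    print(put_req.get_method(), put_req.full_url, "body bytes:", len(put_req.data))
    print("  findings:", audit_request(put_req))
```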

Step 3: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field Description

Frequency Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
Daily, Weekly, Monthly, or Reference.

Minutely Runs the data feed by the interval set. For example, if you specify 45 in the
Every list, the data feed executes every 45 minutes.

Hourly Runs the data feed by the interval set, for example, every hour (1),
every other hour (2) and so forth.

Daily Runs the data feed by the interval set, for example, every day (1),
every other day (2) and so forth.

Weekly Runs the data feed based on a specified day of the week, for
example, every Monday of the first week (1), every other Monday
(2), and so forth.

Monthly Runs the data feed based on a specified week of the month, for
example, 1st, 2nd, 3rd, 4th, or Last.

Reference Specifies a data feed that runs before the current one. This
option indicates to the Data Feed Service that this data feed starts
as soon as the referenced data feed completes successfully.
For example, you can select to have a Threats data feed run
immediately after your Assets data feed finishes. From the
Reference Feed list, select after which existing data feed the
current data feed starts.
A reference data feed will not run when immediately running a data
feed. The Run Data Feed Now option only runs the current data
feed.

Every Specifies the interval of the frequency in which the data feed runs.

Start Time Specifies the time the data feed starts running.

Start Date Specifies the date on which the data feed schedule begins.

Time Zone Specifies the time zone of the server that runs the data feed.

3. Click Save.

Mail Monitor Data Feeds


The Mail Monitor Transporter data feed enables you to monitor email accounts and map mail fields or
plain text body XML to specific fields in an application. By pulling email content into RSA Archer
GRC, you can assess and process disparate email information, then create and document clear
action plans based on the information.
When integrating an application or questionnaire with a Mail Monitor data feed, you can do the
following:
• Insert email content into an application or questionnaire.

• Retrieve email messages, such as vulnerability alerts and open source monitoring alerts.

• Define field mapping from email content to content records.

• Configure mail protocols, mail servers, email accounts, and scheduling intervals.

Important: For the data feed to execute successfully, the server responsible for running the data
feed must have a service account with valid logon credentials.

Use the following tasks to add a mail monitor data feed:


• Adding Standard Mail Monitor Data Feeds

• Adding Transport Only Mail Monitor Data Feeds

Adding Standard Mail Monitor Data Feeds

Step 1: Add a standard data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.

• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

Option Description

Send Notifications Select whether to have the data feed trigger notification emails when records
are published or updated. If notifications are not enabled in the selected target
application, no notification emails are sent when the data feed runs.

Send Job Status Notifications Select whether to have job status notifications sent to selected users or groups.
You can also select email addresses to receive job status notifications. If
selected, job status notifications are sent showing whether a job succeeded or
failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

Option Description

Locale Specifies the country (language) format of your source data. Different cultures or
countries use different characters when formatting similar data.

Data Validation Determines whether RSA Archer GRC performs data validations against the
selected target application when saving a record. Selecting this option bypasses
validation that is based on field definition and configuration (with some
exceptions). This option applies regardless of whether you are targeting a
questionnaire or application.
RSA Archer GRC validates the following items regardless of whether this field is
selected:
• Attachment or image field - Validity of the file.

• Date/Time field - Minimum and maximum system values.

• Text field - Contains valid HTML.

• Field name - Uniqueness.

The required field settings are disregarded if you select to ignore the rules defined
within the target application. However, the unique selection cannot be ignored.

10. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select Mail Monitor Transporter.

3. In the Transport Configuration section, enter the protocol and mail server credentials.

Option Description

Protocol Specifies which protocol retrieves emails from your mail server.
• POP3

• IMAP4

• Exchange

SSL Connection Specifies whether there is an encrypted link between the browser and mail
server through Secure Sockets Layer.

Port Specifies the port number as the communications endpoint for communicating
between the mail server and protocol type.

Mail Box Name (for IMAP4 only) Specifies the name of the mail folder into which emails are
received, for example, Inbox.

Mail Server Specifies the name of the mail server, for example, https://usa.mailserver/mail/.

User Name Specifies the user name of the account used for logging in to the mail server.

Password Specifies the password for the user account used for logging in to the mail
server.

Retrieval Method Specifies whether the email message is deleted or copied on the mail server.
• Delete. Remove the email messages from the mail server when retrieving.

• Leave Copy. Leave a copy of the email messages on the mail server when
retrieving.

Message Data Type Specifies whether the data retrieved from the email is contained in standard
mail fields or the body of the message.

Filter Specifies the filters for retrieving data from the email message.

4. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete. In the On Success
field, select one of the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.

Rename Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file. For information on using filename tokens when renaming files, see Filename
Tokens.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.

5. Do one of the following:

• If you selected Nothing, continue to the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

6. Click Apply.

Step 3: Define the XML format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.

3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix "XML Formatting Used in Field
Results and Input" in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.

• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

• Import the data “as is” into RSA Archer GRC or execute modifications and calculations against
the data to convert the incoming data into a format that matches the requirements of the
application or questionnaire it is imported into. Use several advanced options, such as lookup
translations and calculations, to prepare and modify the data to meet your individual business
needs.

• Filter data so that only what you want to receive is imported into the target application or
questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
return all records in the data feed. Use operator logic to add filters to include only records
meeting certain criteria in the data feed process.

• Capture tokens of data from the last execution of a data feed that can be used during the next run
to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
preparation of the next data feed execution.

1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Select the file that contains the data you want to load and click Open.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.

Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.

7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.

Step 6: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.

2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
maps fields from the data source to application or questionnaire fields that have the same
name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
match between the source field and the target field, and the field type is one of the following,
the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.

• Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.

4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from
0 to 99 in the Trust Level column of the field.

5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.

3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for
sub-form field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.

1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.

2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option    Description

Create    Creates new records for data found in the source file and not in the target application
          or questionnaire.

Update    Updates records in the target application or questionnaire when a unique identifier
          match exists in the source file. If you are also selecting the Archive Option of
          Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option      Description

None        Does nothing when a matching record is not found.

Delete      Deletes records in the target application or questionnaire when a matching record is
            not in the source data. If you want to retain existing records, also select the Update
            option.
            Records are matched by a unique identifier only during the update process. If you
            want to retain existing records while archiving the target application, also select
            Update in Update Options. If you do not select the Update option, all records in the
            target application will be permanently deleted.

Set Value   Sets a value in a Values List field in a record whenever the external data file does
            not contain a matching record.
            Use this option to set a Values List to a value that identifies this record as Inactive
            or Not Current. For example, a Devices application has a record for a specific
            laptop, and the external data file does not have a matching record for that laptop. You
            can use this option to set a Values List field in the laptop record to the value
            Inactive.
            When you select this option, you also select the Values List field in the target
            application or questionnaire and the value that you want to set in that field.
            You cannot set the value in the Values List field of the target leveled application
            under the following conditions:
            • The Set Value Target Field is a global values list.
            • Level 3 or lower in a leveled application.
            • You are modifying the data feed configuration.

            In most scenarios, RSA recommends selecting the Set Value option and flagging
            these records with a specific value rather than deleting them. For example, you can
            add a field to your application called Status and include the values Current and
            Archived. If a data feed cannot find a matching record in the data source with a
            system record, the system record could be updated to have a value of Archived for
            the Status field.

4. Click Apply.

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field        Description

Frequency    Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
             Daily, Weekly, Monthly, or Reference.

             Minutely    Runs the data feed by the interval set. For example, if you specify 45
                         in the Every list, the data feed executes every 45 minutes.

             Hourly      Runs the data feed by the interval set, for example, every hour (1),
                         every other hour (2), and so forth.

             Daily       Runs the data feed by the interval set, for example, every day (1),
                         every other day (2), and so forth.

             Weekly      Runs the data feed based on a specified day of the week, for
                         example, every Monday of the first week (1), every other Monday
                         (2), and so forth.

             Monthly     Runs the data feed based on a specified week of the month, for
                         example, 1st, 2nd, 3rd, 4th, or Last.

             Reference   Runs the current data feed after a specified data feed runs. This
                         option indicates to the Data Feed Service that this data feed starts
                         as soon as the referenced data feed completes successfully.
                         For example, you can select to have a Threats data feed run
                         immediately after your Assets data feed finishes. From the
                         Reference Feed list, select after which existing data feed the
                         current data feed starts.
                         A reference data feed will not run when immediately running a data
                         feed. The Run Data Feed Now option only runs the current data
                         feed.

Every        Specifies the interval of the frequency in which the data feed runs.

Start Time   Specifies the time the data feed starts running.

Start Date   Specifies the date on which the data feed schedule begins.

Time Zone    Specifies the time zone of the server that runs the data feed.

3. Click Save.

Adding Transport Only Mail Monitor Data Feeds

Step 1: Add a transport data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Click Add New.

2. In the Creation Methods section, do one of the following:

• To add a new data feed from scratch, click Create a new Data Feed from scratch.

• To add a new data feed from an existing data feed, click Copy an existing Data Feed and
select the data feed you want to copy.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. In the Feed Information section, click Transport Only.

Option           Description

Standard         Integrates data from an external source into an application or questionnaire.

Transport Only   Locates a specific data file. This file contains additional instructions for launching
                 subsequent, standard data feeds. With this data feed type, the data feed only
                 completes the Transport and Navigation activities. The Source Definition and Field
                 Mapping activities are not allowed. Processing of the data feed does not attempt to
                 process the data.

Important: If you intend to use the data feed as part of a convoy, or you are troubleshooting the
data being pulled, select the Transport Only option. This option enables you to use a transform to
manipulate the data being returned by bringing the source data in as a flat file and then configure
a subsequent XML-based feed that includes an XSLT file. For more information on XML
formatting guidelines and samples, see the appendix “XML Formatting Used in Field Results and
Input” in the RSA Archer Web Services API Reference Guide that you can download from the
RSA Archer Community.

6. In the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.
When you save your data feed settings, the Data Feed Manager automatically creates the new
user account.

7. In the Target Path field, enter the path where you want to store the output file of the Transport
Only data feed.

8. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select Mail Monitor Transporter.

3. In the Transport Configuration section, enter the protocol and mail server credentials.

Option              Description

Protocol            Specifies which protocol retrieves emails from your mail server.
                    • POP3
                    • IMAP4
                    • Exchange

SSL Connection      Specifies whether there is an encrypted link between the browser and mail
                    server through Secure Sockets Layer.

Port                Specifies the port number as the communications endpoint for communicating
                    between the mail server and protocol type.

Mail Box Name       (for IMAP4 only) Specifies the name of the mail folder into which emails are
                    received, for example Inbox.

Mail Server         Specifies the name of the mail server, for example, https://usa.mailserver/mail/.

User Name           Specifies the user name of the account used for logging in to the mail server.

Password            Specifies the password for the user account used for logging in to the mail
                    server.

Retrieval Method    Specifies whether the email message is deleted or copied on the mail server.
                    • Delete. Remove the email messages from the mail server when retrieving.
                    • Leave Copy. Leave a copy of the email messages on the mail server when
                      retrieving.

Message Data Type   Specifies whether the data retrieved from the email is contained in standard
                    mail fields or the body of the message.

Filter              Specifies the filters for retrieving data from the email message.

4. (Optional) In the Post-Processing - Local Copy section, determine how the data feed should
handle the local copy of the source data when the integration is complete. In the On Success
field, select one of the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.

Rename Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file. For information on using filename tokens when renaming files, see Filename
Tokens.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.

5. Do one of the following:

• If you selected Nothing, continue to the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

6. Click Apply.

Step 3: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field        Description

Frequency    Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
             Daily, Weekly, Monthly, or Reference.

             Minutely    Runs the data feed by the interval set. For example, if you specify 45
                         in the Every list, the data feed executes every 45 minutes.

             Hourly      Runs the data feed by the interval set, for example, every hour (1),
                         every other hour (2), and so forth.

             Daily       Runs the data feed by the interval set, for example, every day (1),
                         every other day (2), and so forth.

             Weekly      Runs the data feed based on a specified day of the week, for
                         example, every Monday of the first week (1), every other Monday
                         (2), and so forth.

             Monthly     Runs the data feed based on a specified week of the month, for
                         example, 1st, 2nd, 3rd, 4th, or Last.

             Reference   Runs the current data feed after a specified data feed runs. This
                         option indicates to the Data Feed Service that this data feed starts
                         as soon as the referenced data feed completes successfully.
                         For example, you can select to have a Threats data feed run
                         immediately after your Assets data feed finishes. From the
                         Reference Feed list, select after which existing data feed the
                         current data feed starts.
                         A reference data feed will not run when immediately running a data
                         feed. The Run Data Feed Now option only runs the current data
                         feed.

Every        Specifies the interval of the frequency in which the data feed runs.

Start Time   Specifies the time the data feed starts running.

Start Date   Specifies the date on which the data feed schedule begins.

Time Zone    Specifies the time zone of the server that runs the data feed.

3. Click Save.

RSS Data Feeds


The RSS data feed provides the ability to retrieve records from a configured RSS feed into an RSA
Archer GRC instance.

Important: For the data feed to execute successfully, the server responsible for running the data
feed must have a service account with valid logon credentials.

Use the following tasks to add an RSS data feed:


• Adding Standard RSS Data Feeds

• Adding Transport Only RSS Data Feeds

Adding Standard RSS Data Feeds

Step 1: Add a data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.

• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

Option                          Description

Send Notifications              Select whether to have the data feed trigger notification emails when
                                records are published or updated. If notifications are not enabled in the
                                selected target application, no notification emails are sent when the data
                                feed runs.

Send Job Status Notifications   Select whether to have job status notifications sent to selected users or
                                groups. You can also select email addresses to receive job status
                                notifications. If selected, job status notifications are sent showing
                                whether a job succeeded or failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

Option            Description

Locale            Specifies the country (language) format of your source data. Different cultures or
                  countries use different characters when formatting similar data.

Data Validation   Determines whether RSA Archer GRC performs data validations against the
                  selected target application when saving a record. Selecting this option bypasses
                  validation that is based on field definition and configuration (with some
                  exceptions). This option applies regardless of whether you are targeting a
                  questionnaire or application.
                  RSA Archer GRC validates the following items regardless of whether this field is
                  selected:
                  • Attachment or image field - Validity of the file.
                  • Date/Time field - Minimum and maximum system values.
                  • Text field - Contains valid HTML.
                  • Field name - Uniqueness.

                  The required field settings are disregarded if you select to ignore the rules defined
                  within the target application. However, the unique selection cannot be ignored.

10. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select RSS Transporter.

3. In the Transport Configuration section, enter the URL and credentials of the RSS
feed for retrieving source data.

Option            Description

URL               Specifies the URL for the RSS feed.

Retrieval Count   Specifies the number of records that will be retrieved from the RSS feed.

Retrieval Units   Specifies how data is contained in the RSS feed, for example, Days or
                  Articles.

User Name         Specifies the name of the user account used for retrieving data.

Password          Specifies the password of the user account used for retrieving data.

4. (Optional) In the Proxy field, select the applicable proxy option.

Option             Description

No Proxy           Indicates that the data feed does not pass through a proxy.

Use System Proxy   Indicates that the Data Feed Service runs the feed with the proxy configuration
                   that is set up in the Control Panel.

Configure Proxy    Indicates that the data feed must pass through a proxy. Continue with providing
                   the parameters for accessing the proxy.

5. (Optional) Complete the applicable fields if you selected a proxy option.

Field       Description

Name        Specifies the proxy server name.

Port        Specifies the port ID of the proxy server.

Domain      Specifies the domain of the proxy server.

User Name   Specifies the name of the user who has credentials for logging on to the proxy
            server.

Password    Specifies the password of the credentialed user.

6. (Optional) In the Post-Processing - Local Copy section, determine how the data
feed should handle the local copy of the source data when the integration is
complete. In the On Success field, select one of the following options.

Option    Description

Nothing   Does not alter the source file when the data feed successfully completes. If there is
          a local copy of the source information, the local copy is deleted.

Rename    Saves the source file under a new name when the data feed successfully completes.
          In Destination File, specify where the file should be saved and the new name for the
          file.
          To save the data, the path of the destination file must be accessible to the account
          running the Job Engine service.
          If you select this option, use filename tokens for specifying the location or name of
          the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.
Token                   Enables the Data Feed Manager to:

Now                     Insert a user-defined date format within the new
                        filename. Possible formats include Now(MM/dd/yyyy)
                        or Now(MMM-dd-yyyy). See the Microsoft .Net
                        Framework Developer Center for available custom
                        date/time formats.

DataFileDirectoryName   Update the filename with the directory name, including
                        the drive, of your file.

DataFileName            Insert the original filename, excluding the directory
                        name and extension.

DataFileExtension       Insert the file extension, such as .csv, in the new
                        filename.

DataFileFullName        Insert the fully qualified filename. This data includes
                        the drive, directory, filename, and extension of the
                        original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.

Example 1

Input Tokens   {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

Output         C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2

Input Tokens   \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

Output         \\DFSRepository\2008\01\ThreatData_success.csv

7. Do one of the following:

• If you selected Nothing, continue to the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

8. Click Apply.
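
The filename token expansion described for the Rename option can be previewed before a Destination File value is entered. The following Python sketch is an added example, not RSA Archer code: the function names are hypothetical, only a subset of the .NET date specifiers is handled, DataFileExtension is expanded without a leading dot to match the worked examples in this guide, and the approved-root check is an added precaution for the directory the Job Engine service account writes to.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from datetime import datetime

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# Subset of .NET custom date/time specifiers; "MMM" is listed before "MM"
# so the three-letter month wins when both could match.
DATE_SPEC = re.compile(r"yyyy|MMM|MM|dd|HH|mm|ss")

# {TokenName} or {TokenName(argument)}
TOKEN = re.compile(r"\{(\w+)(?:\(([^)]*)\))?\}")


def format_now(fmt, now):
    """Render a Now(...) argument such as MM.dd.yyyy for the given datetime."""
    parts = {
        "yyyy": f"{now.year:04d}",
        "MMM": MONTHS[now.month - 1],
        "MM": f"{now.month:02d}",
        "dd": f"{now.day:02d}",
        "HH": f"{now.hour:02d}",
        "mm": f"{now.minute:02d}",
        "ss": f"{now.second:02d}",
    }
    return DATE_SPEC.sub(lambda m: parts[m.group(0)], fmt)


def expand_tokens(template, source_file, now):
    """Expand the filename tokens listed in this guide against one source file."""
    directory, base = ntpath.split(source_file)
    name, ext = ntpath.splitext(base)
    values = {
        "DataFileDirectoryName": directory,     # drive and directory
        "DataFileName": name,                   # no directory, no extension
        "DataFileExtension": ext.lstrip("."),   # assumption: no leading dot
        "DataFileFullName": source_file,        # fully qualified original name
    }

    def replace(match):
        token, arg = match.group(1), match.group(2)
        if token == "Now" and arg is not None:
            return format_now(arg, now)
        if token in values and arg is None:
            return values[token]
        # Fail loudly on typos instead of writing a literal "{...}" into a path.
        raise ValueError(f"unknown or malformed filename token: {match.group(0)}")

    return TOKEN.sub(replace, template)


def is_under_root(path, approved_root):
    """True if the expanded path stays inside the approved destination directory."""
    path_n = ntpath.normcase(ntpath.normpath(path))
    root_n = ntpath.normcase(ntpath.normpath(approved_root))
    try:
        return ntpath.commonpath([path_n, root_n]) == root_n
    except ValueError:  # different drives, or absolute mixed with relative
        return False


if __name__ == "__main__":
    # Constructed run reproducing Example 1 from this guide.
    src = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
    tpl = r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}"
    out = expand_tokens(tpl, src, datetime(2008, 1, 31))
    print(out)
    print("inside approved root:", is_under_root(out, r"C:\DataFeed\Source"))
```

Running the check against the destination directory you intend the Job Engine service account to write to catches templates that resolve outside it, for example through `..` segments.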

Step 3: Define the XML format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.

3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix "XML Formatting Used in Field
Results and Input" in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.

• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

• Import the data “as is” into RSA Archer GRC or execute modifications and calculations against
the data to convert the incoming data into a format that matches the requirements of the
application or questionnaire it is imported into. Use several advanced options, such as lookup
translations and calculations, to prepare and modify the data to meet your individual business
needs.

• Filter data so that only what you want to receive is imported into the target application or
questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
return all records in the data feed. Use operator logic to add filters to include only records
meeting certain criteria in the data feed process.

• Capture tokens of data from the last execution of a data feed that can be used during the next run
to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
preparation for the next data feed execution.

1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Define the Schema Source for retrieving the sample data file and click OK. This file contains
the list of source fields and is dependent on the transport method.
The source for the schema of your data feed depends on which transporter you are using. The
following list identifies and describes the schema sources that are available for each of the out-
of-the-box transporters.

Source         Description

Sample File    Uses a skeleton of your actual source data file. For example, if you are importing
               data from a .csv file, the source data file is a .csv file that includes the column
               names from your source data. If you are importing data from an .XML file, the
               source data file includes the structure of your .XML without the actual field values.
               When you select the sample file, the Source Fields section populates with the fields
               specified in the sample data file.
               For the Archer Web Services Transporter, select a file from an external location
               that contains the data in the same format as the report format.

Load URL       Loads the contents at the target URL and detects the source schema from the
               contents.
               Using this option may trigger actions associated with accessing the target URL.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.

Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.

7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.

Step 6: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.

2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
maps fields from the data source to application or questionnaire fields that have the same
name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
match between the source field and the target field, and the field type is one of the following,
the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.

• Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.

4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from
0 to 99 in the Trust Level column of the field.

5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.

3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for
sub-form field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.

1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.

2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option    Description

Create    Creates new records for data found in the source file and not in the target application
          or questionnaire.

Update    Updates records in the target application or questionnaire when a unique identifier
          match exists in the source file. If you are also selecting the Archive Option of
          Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option       Description

None         Does nothing when a matching record is not found.

Delete       Deletes records in the target application or questionnaire when a matching record is
             not in the source data. If you want to retain existing records, also select the Update
             option.
             Records are matched by a unique identifier only during the update process. If you
             want to retain existing records while archiving the target application, also select
             Update in Update Options. If you do not select the Update option, all records in the
             target application will be permanently deleted.

Set Value    Sets a value in a Values List field in a record whenever the external data file does
             not contain a matching record.
             Use this option to set a Values List to a value that identifies this record as Inactive
             or Not Current. For example, a Devices application has a record for a specific
             laptop, and the external data file does not have a matching record for that laptop. You
             can use this option to set a Values List field in the laptop record to the value
             Inactive.
             When you select this option, you also select the Values List field in the target
             application or questionnaire and the value that you want to set in that field.
             You cannot set the value in the Values List field of the target leveled application
             under the following conditions:
             • The Set Value Target Field is a global values list.
             • Level 3 or lower in a leveled application.
             • You are modifying the data feed configuration.

             In most scenarios, RSA recommends selecting the Set Value option and flagging
             these records with a specific value rather than deleting them. For example, you can
             add a field to your application called Status and include the values Current and
             Archived. If a data feed cannot find a matching record in the data source with a
             system record, the system record could be updated to have a value of Archived for
             the Status field.

4. Click Apply.
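
Because the Update and Archive options interact, it is worth dry-running a configuration against exports of the source file and the target application before enabling Delete. The following Python model is an added example, not RSA Archer code: it follows the key field matching and archive rules as this guide states them, and the names plan_feed and preflight, the sample Devices records, the rule that empty key values never match, and the 10% deletion threshold are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class FeedPlan:
    archive_action: str                           # "None", "Delete" or "Set Value"
    update_selected: bool
    create: list = field(default_factory=list)    # source rows that become new records
    update: list = field(default_factory=list)    # ids of target records that get updated
    archive: list = field(default_factory=list)   # ids of target records hit by the archive option


def plan_feed(source, target, key_fields, *, create, update, archive="None"):
    """Dry-run one feed execution.

    source, target: lists of dicts; every target dict carries a unique "id".
    key_fields:     key field names in the order set on the Key Field Definitions tab.
    """
    if archive not in ("None", "Delete", "Set Value"):
        raise ValueError(f"unknown archive option: {archive!r}")

    # One lookup table per key field: key value -> target record id.
    index = {name: {} for name in key_fields}
    for record in target:
        for name in key_fields:
            if record.get(name):
                index[name].setdefault(record[name], record["id"])

    plan = FeedPlan(archive_action=archive, update_selected=update)
    for row in source:
        # Keys are tried in the configured order; the first hit is the match.
        # Assumption: an empty key value never matches anything.
        hit = next((index[name][row[name]] for name in key_fields
                    if row.get(name) and row[name] in index[name]), None)
        if hit is None:
            if create:
                plan.create.append(row)
        elif update and hit not in plan.update:
            plan.update.append(hit)

    if archive != "None":
        # Per the guide, records are matched only during the update process, so
        # with Update off every target record is treated as unmatched.
        kept = set(plan.update)
        plan.archive = [r["id"] for r in target if r["id"] not in kept]
    return plan


def preflight(plan, target_count, max_delete_ratio=0.10):
    """Return the reasons to stop before running the feed (empty list means go)."""
    problems = []
    if plan.archive_action != "Delete":
        return problems            # None and Set Value leave the records in place
    if not plan.update_selected:
        problems.append("Delete is selected without Update: all target records would be deleted")
    if target_count and len(plan.archive) / target_count > max_delete_ratio:
        problems.append(f"Delete would remove {len(plan.archive)} of {target_count} target records")
    return problems


# Constructed sample data: a Devices application and an external asset export.
TARGET = [
    {"id": 101, "Serial": "SN-A1", "Hostname": "lt-alice"},
    {"id": 102, "Serial": "SN-B2", "Hostname": "lt-bob"},
    {"id": 103, "Serial": "SN-C3", "Hostname": "lt-carol"},
    {"id": 104, "Serial": "SN-D4", "Hostname": "lt-dave"},
]
SOURCE = [
    {"Serial": "SN-A1", "Hostname": "lt-alice-new"},   # matches 101 on Serial
    {"Serial": "", "Hostname": "lt-bob"},              # matches 102 on Hostname
    {"Serial": "SN-E5", "Hostname": "lt-erin"},        # no match: new record
]
KEYS = ["Serial", "Hostname"]

if __name__ == "__main__":
    for update in (True, False):
        plan = plan_feed(SOURCE, TARGET, KEYS, create=True, update=update, archive="Delete")
        print(f"Update={update}: update {plan.update}, create {len(plan.create)}, "
              f"archive {plan.archive}")
        for problem in preflight(plan, len(TARGET)):
            print("  STOP:", problem)
```

Run it against real exports by replacing TARGET and SOURCE with rows read from the application report and the source file, keyed on the same fields the feed uses.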

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field         Description

Frequency     Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
              Daily, Weekly, Monthly, or Reference.

              Minutely     Runs the data feed by the interval set. For example, if you specify 45
                           in the Every list, the data feed executes every 45 minutes.

              Hourly       Runs the data feed by the interval set, for example, every hour (1),
                           every other hour (2), and so forth.

              Daily        Runs the data feed by the interval set, for example, every day (1),
                           every other day (2), and so forth.

              Weekly       Runs the data feed based on a specified day of the week, for
                           example, every Monday of the first week (1), every other Monday
                           (2), and so forth.

              Monthly      Runs the data feed based on a specified week of the month, for
                           example, 1st, 2nd, 3rd, 4th, or Last.

              Reference    Runs the current data feed after a specified data feed. This
                           option indicates to the Data Feed Service that this data feed starts
                           as soon as the referenced data feed completes successfully.
                           For example, you can select to have a Threats data feed run
                           immediately after your Assets data feed finishes. From the
                           Reference Feed list, select after which existing data feed the
                           current data feed starts.
                           A reference data feed will not run when immediately running a data
                           feed. The Run Data Feed Now option only runs the current data
                           feed.

Every         Specifies the interval of the frequency in which the data feed runs.

Start Time    Specifies the time the data feed starts running.

Start Date    Specifies the date on which the data feed schedule begins.

Time Zone     Specifies the time zone of the server that runs the data feed.

3. Click Save.

Adding Transport Only RSS Data Feeds

Step 1: Add a transport data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Click Add New.

2. In the Creation Methods section, do one of the following:

• To add a new data feed from scratch, click Create a new Data Feed from scratch.

• To add a new data feed from an existing data feed, click Copy an existing Data Feed and
select the data feed you want to copy.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. In the Feed Information section, click Transport Only.

Option            Description

Standard          Integrates data from an external source into an application or questionnaire.

Transport Only    Locates a specific data file. This file contains additional instructions for
                  launching subsequent, standard data feeds. With this data feed type, the data
                  feed only completes the Transport and Navigation activities. The Source
                  Definition and Field Mapping activities are not allowed. Processing of the data
                  feed does not attempt to process the data.

Important: If you intend to use the data feed as part of a convoy, or you are troubleshooting the
data being pulled, select the Transport Only option. This option enables you to use a transform to
manipulate the data being returned by bringing the source data in as a flat file and then configuring
a subsequent XML-based feed that includes an XSLT file. For more information on XML
formatting guidelines and samples, see the appendix “XML Formatting Used in Field Results and
Input” in the RSA Archer Web Services API Reference Guide that you can download from the
RSA Archer Community.

6. In the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.
When you save your data feed settings, the Data Feed Manager automatically creates the new
user account.

7. In the Target Path field, enter the path where you want to store the output file of the Transport
Only data feed.

8. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select RSS Transporter.

3. In the Transport Configuration section, enter the URL and credentials of the RSS
feed for retrieving source data.

Option             Description

URL                Specifies the URL for the RSS feed.

Retrieval Count    Specifies the number of records that will be retrieved from the RSS feed.

Retrieval Units    Specifies how data is contained in the RSS feed, for example, Days or
                   Articles.

User Name          Specifies the name of the user account used for retrieving data.

Password           Specifies the password of the user account used for retrieving data.

4. (Optional) In the Proxy field, select the applicable proxy option.

Option              Description

No Proxy            Indicates that the data feed does not pass through a proxy.

Use System Proxy    Indicates that the Data Feed Service runs the feed with the proxy configuration
                    that is set up in the Control Panel.

Configure Proxy     Indicates that the data feed must pass through a proxy. Continue with providing
                    the parameters for accessing the proxy.

5. (Optional) Complete the applicable fields if you selected a proxy option.

Field        Description

Name         Specifies the proxy server name.

Port         Specifies the port ID of the proxy server.

Domain       Specifies the domain of the proxy server.

User Name    Specifies the name of the user who has credentials for logging on to the proxy
             server.

Password     Specifies the password of the credentialed user.

6. (Optional) To perform post-processing on the source file retrieved, in the Post-Processing -
Local Copy section, determine how the data feed should handle the local copy of the source data
when the integration is complete. In the On Success field, select one of the following options.

Option     Description

Nothing    Does not alter the source file when the data feed successfully completes. If there is
           a local copy of the source information, the local copy is deleted.

Rename     Saves the source file under a new name when the data feed successfully completes.
           In Destination File, specify where the file should be saved and the new name for the
           file.
           To save the data, the path of the destination file must be accessible to the account
           running the Job Engine service.
           If you select this option, use filename tokens for specifying the location or name of
           the file.

           Filename tokens
           Filename tokens are available for post processing when you want to save the source
           information and specify a location or name for the file. When you select the Rename
           option, you can use tokens to generate unique names automatically for the files.
           Here are the usable tokens for renaming data files.

           Token                    Enables the Data Feed Manager to:

           Now                      Insert a user-defined date format within the new
                                    filename. Possible formats include Now(MM/dd/yyyy)
                                    or Now(MMM-dd-yyyy). See the Microsoft .Net
                                    Framework Developer Center for available custom
                                    date/time formats.

           DataFileDirectoryName    Update the filename with the directory name, including
                                    the drive, of your file.

           DataFileName             Insert the original filename, excluding the directory
                                    name and extension.

           DataFileExtension        Insert the file extension, such as .csv, in the new
                                    filename.

           DataFileFullName         Insert the fully qualified filename. This data includes
                                    the drive, directory, filename, and extension of the
                                    original file.

           For example, if the data file came from the following location,
           C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
           using tokens would have the following output.

           Example 1

           Input Tokens    {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

           Output          C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

           Example 2

           Input Tokens    \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

           Output          \\DFSRepository\2008\01\ThreatData_success.csv

7. Do one of the following:

• If you selected Nothing, continue at the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

8. Click Apply.
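
To check a Destination File value before saving it, the filename tokens described above can be expanded offline. The following Python code is an added example, not RSA Archer code: it reproduces the two documented examples, supports only a subset of the .NET custom date/time specifiers, treats "/" as a literal character (in .NET it is the culture's date separator), and flags date formats whose output contains characters that Windows does not allow in a file name. The names expand_tokens and format_now are assumptions.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Subset of .NET custom date/time specifiers mapped to strftime codes.
# Longer specifiers come first so "yyyy" is not read as "yy" + "yy".
NET_TO_STRFTIME = [
    ("yyyy", "%Y"), ("yy", "%y"),
    ("MMMM", "%B"), ("MMM", "%b"), ("MM", "%m"),
    ("dd", "%d"), ("HH", "%H"), ("mm", "%M"), ("ss", "%S"),
]
SPECIFIER_RE = re.compile("|".join(net for net, _ in NET_TO_STRFTIME))
TOKEN_RE = re.compile(r"\{(Now\(([^)]*)\)|DataFile\w+)\}")
# Characters Windows does not allow inside a file or directory name.
INVALID_NAME_CHARS = set('\\/:*?"<>|')


def format_now(net_format, now):
    """Render a .NET-style custom date format; unknown characters stay literal."""
    table = dict(NET_TO_STRFTIME)
    return SPECIFIER_RE.sub(lambda m: now.strftime(table[m.group(0)]), net_format)


def expand_tokens(template, source_path, now):
    """Expand filename tokens; return (expanded path, list of warnings)."""
    src = PureWindowsPath(source_path)
    values = {
        "DataFileDirectoryName": str(src.parent),       # drive and directory
        "DataFileName": src.stem,                       # no directory, no extension
        # The documented examples write ".{DataFileExtension}", so no leading dot.
        "DataFileExtension": src.suffix.lstrip("."),
        "DataFileFullName": str(src),
    }
    warnings = []

    def replace(match):
        date_format = match.group(2)
        if date_format is not None:                     # a {Now(...)} token
            stamp = format_now(date_format, now)
            bad = sorted(set(stamp) & INVALID_NAME_CHARS)
            if bad:
                warnings.append(
                    f"Now({date_format}) expands to {stamp!r}, "
                    f"which contains {' '.join(bad)}"
                )
            return stamp
        name = match.group(1)
        if name not in values:
            raise ValueError(f"unknown filename token: {{{name}}}")
        return values[name]

    return TOKEN_RE.sub(replace, template), warnings


# Source path and run date taken from the documented examples.
SOURCE_FILE = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
RUN_DATE = datetime(2008, 1, 31)

if __name__ == "__main__":
    templates = [
        r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}",
        r"\\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}",
        r"{DataFileDirectoryName}\{DataFileName}_{Now(MM/dd/yyyy)}.{DataFileExtension}",
    ]
    for template in templates:
        path, warnings = expand_tokens(template, SOURCE_FILE, RUN_DATE)
        print(path)
        for warning in warnings:
            print("  WARNING:", warning)
```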

Step 3: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.

1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

Field         Description

Frequency     Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
              Daily, Weekly, Monthly, or Reference.

              Minutely     Runs the data feed by the interval set. For example, if you specify 45
                           in the Every list, the data feed executes every 45 minutes.

              Hourly       Runs the data feed by the interval set, for example, every hour (1),
                           every other hour (2), and so forth.

              Daily        Runs the data feed by the interval set, for example, every day (1),
                           every other day (2), and so forth.

              Weekly       Runs the data feed based on a specified day of the week, for
                           example, every Monday of the first week (1), every other Monday
                           (2), and so forth.

              Monthly      Runs the data feed based on a specified week of the month, for
                           example, 1st, 2nd, 3rd, 4th, or Last.

              Reference    Runs the current data feed after a specified data feed. This
                           option indicates to the Data Feed Service that this data feed starts
                           as soon as the referenced data feed completes successfully.
                           For example, you can select to have a Threats data feed run
                           immediately after your Assets data feed finishes. From the
                           Reference Feed list, select after which existing data feed the
                           current data feed starts.
                           A reference data feed will not run when immediately running a data
                           feed. The Run Data Feed Now option only runs the current data
                           feed.

Every         Specifies the interval of the frequency in which the data feed runs.

Start Time    Specifies the time the data feed starts running.

Start Date    Specifies the date on which the data feed schedule begins.

Time Zone     Specifies the time zone of the server that runs the data feed.

3. Click Save.

Threat Data Feeds


Threat data feeds aggregate data from external data feed sources into RSA Archer GRC on a
dynamic and scheduled basis. The Data Feed Manager supports iDefense and DeepSight threat
feeds.

Supported DeepSight feed types

Transporter                  Supported Feeds

DeepSight Transporter 2.0    Malicious Code
                             Vulnerabilities

DeepSight Transporter 4.0    Security Risk
                             Vulnerabilities SCAP

Note: Data feeds using the DeepSight 2.0 transporter will soon become unusable because of
deprecation by Symantec. From the RSA Archer GRC Community on RSA Link, download a copy
of the data feeds that use the DeepSight 4.0 transporters and import them.

Supported iDefense threat feed types

• Malicious Code

• Vulnerabilities

• Geopolitical Threat

RSA Archer GRC provides a configuration file to establish a connection between an iDefense or
DeepSight threat feed and your instance of RSA Archer GRC. Each of the threat feeds can be
quickly integrated with your instance of RSA Archer GRC by importing the configuration file.
For a new threat feed, the first run is the baseload run, which should take place before regular threat
feeds run.
• For DeepSight threat feeds, the baseload runs as one job.

• For iDefense, the baseload runs in a series of jobs that pull up to 1,000 alerts at a time. Baseload
runs may take a long time to complete, typically under 14 days.

Before you begin: Visit the Integration Exchange


Before you begin a new integration project with Data Feed Manager, visit the RSA Archer GRC
Community on RSA Link. In the Integrations category, you can review prebuilt integration packages
from RSA Archer GRC and third-party providers such as Qualys, nCircle, and Sendmail.

New integration packages are available regularly, and each package includes the following items:
• Data feed configuration file

• Target application(s)

• Any supporting files (such as an .xslt file)

When you download an integration package from the RSA Archer GRC Community on RSA Link,
you can import the configuration file directly into the Data Feed Manager and, if necessary, modify
the configuration. You can also import the target applications into the RSA Archer GRC
environment and modify the applications through Application Builder.

Use the following tasks to manage threat data feeds:


• Adding DeepSight Threat Data Feeds

• Adding iDefense Threat Data Feeds

• Importing Threat Data Feeds

Adding DeepSight Threat Data Feeds

You can add a DeepSight threat data feed to integrate source data with an RSA Archer GRC
application. Threat data feeds can only be initiated from a standard data feed type.

Important: Only one version of the DeepSight transporter can be active at a time. If you try to
activate a threat feed that uses one of the two DeepSight transporters, and another threat feed that
uses the other DeepSight transporter is already active, a warning message appears. To continue
activating this threat feed, set the Status for the other DeepSight threat feed to Inactive.

Supported DeepSight feed types

Transporter                  Supported Feeds

DeepSight Transporter 2.0    Malicious Code
                             Vulnerabilities

DeepSight Transporter 4.0    Security Risk
                             Vulnerabilities SCAP

Step 1: Add a data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.

• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.

Option                          Description

Send Notifications              Select whether to have the data feed trigger notification emails
                                when records are published or updated. If notifications are not
                                enabled in the selected target application, no notification emails
                                are sent when the data feed runs.

Send Job Status Notifications   Select whether to have job status notifications sent to selected
                                users or groups. You can also select email addresses to receive job
                                status notifications. If selected, job status notifications are
                                sent showing whether a job succeeded or failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

Option             Description

Locale             Specifies the country (language) format of your source data. Different cultures or
                   countries use different characters when formatting similar data.

Data Validation    Determines whether RSA Archer GRC performs data validations against the
                   selected target application when saving a record. Selecting this option bypasses
                   validation that is based on field definition and configuration (with some
                   exceptions). This option applies regardless of whether you are targeting a
                   questionnaire or application.
                   RSA Archer GRC validates the following items regardless of whether this field is
                   selected:
                   • Attachment or image field - Validity of the file.
                   • Date/Time field - Minimum and maximum system values.
                   • Text field - Contains valid HTML.
                   • Field name - Uniqueness.

                   The required field settings are disregarded if you select to ignore the rules defined
                   within the target application. However, the unique selection cannot be ignored.

10. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select the applicable transporter: DeepSight Transporter 2.0 or
DeepSight Transporter 4.0.

3. In the Transport Configuration section, enter the URL and credentials for retrieving source data.

Chapter 14: Data Integration 957


RSA Archer GRC Administrator Guide

Option Description

URL Specifies the URL for the RSS feed.

Retrieval Count Specifies the number of records that will be retrieved from the RSS feed.

Retrieval Units Specifies how data is contained in the RSS feed, for example, Days or
Articles.

User Name Specifies the name of the user account used for retrieving data.

Password Specifies the password of the user account used for retrieving data.

4. (Optional) In the Proxy field, select the applicable proxy option.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the proxy
configuration that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy. Continue with
providing the parameters for accessing the proxy.

5. (Optional) Complete the applicable fields if you selected a proxy option.

Field Description

Name Specifies the proxy server name.

Port Specifies the port ID of the proxy server.

Domain Specifies the domain of the proxy server.

User Name Specifies the name of the user who has credentials for logging on to the proxy
server.

Password Specifies the password of the credentialed user.

6. (Optional) To perform post-processing on the source file retrieved, in the Post-Processing -
Local Copy section, determine how the data feed should handle the local copy of the source data
when the integration is complete. In the On Success field, select one of the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.


Rename Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.
If you select this option, use filename tokens for specifying the location or name of
the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.
Token Enables the Data Feed Manager to:

Now Insert a user-defined date format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center
for available custom date/time formats.

DataFileDirectoryName Update the filename with the directory name, including the drive, of
your file.

DataFileName Insert the original filename, excluding the directory name and extension.

DataFileExtension Insert the file extension, such as .csv, in the new filename.

DataFileFullName Insert the fully qualified filename. This data includes the drive, directory,
filename, and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.


Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

7. Do one of the following:

• If you selected Nothing, continue at the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

8. Click Apply.

Step 3: Define the XML format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.


3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix "XML Formatting Used in Field
Results and Input" in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.

• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

• Import the data “as is” into RSA Archer GRC or execute modifications and calculations against
the data to convert the incoming data into a format that matches the requirements of the
application or questionnaire it is imported into. Use several advanced options, such as lookup
translations and calculations, to prepare and modify the data to meet your individual business
needs.

• Filter data so that only what you want to receive is imported into the target application or
questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
return all records in the data feed. Use operator logic to add filters to include only records
meeting certain criteria in the data feed process.

• Capture tokens of data from the last execution of a data feed that can be used during the next run
to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
preparation of the next data feed execution.


1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Define the Schema Source for retrieving the sample data file and click OK. This file contains
the list of source fields and is dependent on the transport method.
The source for the schema of your data feed depends on which transporter you are using. The
following list identifies and describes the schema sources that are available for each of the out-
of-the-box transporters.

Source Description

Sample File Uses a skeleton of your actual source data file. For example, if you are importing
data from a .csv file, the source data file is a .csv file that includes the column
names from your source data. If you are importing data from an .XML file, the
source data file includes the structure of your .XML without the actual field values.
When you select the sample file, the Source Fields section populates with the fields
specified in the sample data file.
For the Archer Web Services Transporter, select a file from an external location
that contains the data in the same format as the report format.

Load URL Loads the contents at the target URL and detects the source schema from the
contents.
Using this option may trigger actions associated with accessing the target URL.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.


Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.

7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.


Step 6: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.

2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
maps fields from the data source to application or questionnaire fields that have the same
name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
match between the source field and the target field, and the field type is one of the following,
the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.


• Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.

4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from
0 to 99 in the Trust Level column of the field.

5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.


3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for sub-
form field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.


1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.

2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option Description

Create Creates new records for data found in the source file and not in the target application
or questionnaire.

Update Updates records in the target application or questionnaire when a unique identifier
match exists in the source file. If you are also selecting the Archive Option of
Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option Description

None Does nothing when a matching record is not found.

Delete Deletes records in the target application or questionnaire when a matching record is
not in the source data. If you want to retain existing records, also select the Update
option.
Records are matched by a unique identifier only during the update process. If you
want to retain existing records while archiving the target application, also select
Update in Update Options. If you do not select the Update option, all records in the
target application will be permanently deleted.


Set Value Sets a value in a Values List field in a record whenever the external data file does
not contain a matching record.
Use this option to set a Values List to a value that identifies this record as Inactive
or Not Current. For example, suppose a Devices application has a record for a specific
laptop and the external data file does not have a matching record for that laptop. You
can use this option to set a Values List field in the laptop record to the value
Inactive.
When you select this option, you also select the Values List field in the target
application or questionnaire and the value that you want to set in that field.
You cannot set the value in the Values List field of the target leveled application
under the following conditions:
• The Set Value Target Field is a global values list.
• Level 3 or lower in a leveled application.
• You are modifying the data feed configuration.


In most scenarios, RSA recommends selecting the Set Value option and flagging
these records with a specific value rather than deleting them. For example, you can
add a field to your application called Status and include the values Current and
Archived. If a data feed cannot find a matching record in the data source with a
system record, the system record could be updated to have a value of Archived for
the Status field.

4. Click Apply.
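
The interaction between the Update and Archive options in this step, with key fields tried in order as described in Step 8, as a dry-run model that is added here and is not RSA Archer code. The record layout, the sample data and the `plan_feed_run` helper are hypothetical; the model assumes that Create skips rows whose key already exists and that the archive action applies only to records present before the run.

```python
ARCHIVE_OPTIONS = ("None", "Delete", "Set Value")

# Constructed sample data: a Devices application and one external source file.
TARGET = [
    {"id": 101, "Serial Number": "SN-A", "Asset Tag": "T-1", "Status": "Current"},
    {"id": 102, "Serial Number": "SN-B", "Asset Tag": "T-2", "Status": "Current"},
    {"id": 103, "Serial Number": "SN-C", "Asset Tag": "T-3", "Status": "Current"},
]
SOURCE = [
    {"Serial Number": "SN-A", "Asset Tag": "T-1"},  # matches on the first key
    {"Serial Number": "", "Asset Tag": "T-3"},      # matches on the second key
    {"Serial Number": "SN-D", "Asset Tag": "T-4"},  # not in the target
]
KEY_FIELDS = ["Serial Number", "Asset Tag"]  # order set in Key Field Definitions


def find_match(row, target, key_fields):
    """Return the first target record matching any key field, tried in order."""
    for field in key_fields:
        value = row.get(field)
        if value in (None, ""):
            continue
        for record in target:
            if record.get(field) == value:
                return record
    return None


def plan_feed_run(target, source, key_fields, create, update, archive="None"):
    """List which records a run would create, update, delete or flag."""
    if archive not in ARCHIVE_OPTIONS:
        raise ValueError(f"unknown archive option: {archive}")
    plan = {"create": [], "update": [], "delete": [], "set_value": []}
    matched_ids = set()
    for row in source:
        record = find_match(row, target, key_fields)
        if record is None:
            if create:
                label = next((row[f] for f in key_fields if row.get(f)), None)
                plan["create"].append(label)
        elif update:
            # Per the guide, records are matched by unique identifier only
            # during the update process, so only Update marks a record matched.
            matched_ids.add(record["id"])
            plan["update"].append(record["id"])
    unmatched = [r["id"] for r in target if r["id"] not in matched_ids]
    if archive == "Delete":
        plan["delete"] = unmatched
    elif archive == "Set Value":
        plan["set_value"] = unmatched
    return plan


if __name__ == "__main__":
    for update in (True, False):
        plan = plan_feed_run(TARGET, SOURCE, KEY_FIELDS, True, update, "Delete")
        print(f"Create + Delete, Update={update}: {plan}")
```

Running the same comparison against an export of the real target and source keys before enabling Delete gives the number of records the first scheduled run would remove.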

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.


1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.


Field Description

Frequency Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
Daily, Weekly, Monthly, or Reference.

Minutely Runs the data feed by the interval set. For example, if you specify 45 in the Every
list, the data feed executes every 45 minutes.

Hourly Runs the data feed by the interval set, for example, every hour (1),
every other hour (2), and so forth.

Daily Runs the data feed by the interval set, for example, every day (1),
every other day (2), and so forth.

Weekly Runs the data feed based on a specified day of the week, for
example, every Monday of the first week (1), every other Monday
(2), and so forth.

Monthly Runs the data feed based on a specified week of the month, for
example, 1st, 2nd, 3rd, 4th, or Last.

Reference Runs the current data feed after a specified data feed runs. This
option indicates to the Data Feed Service that this data feed starts
as soon as the referenced data feed completes successfully.
For example, you can select to have a Threats data feed run
immediately after your Assets data feed finishes. From the
Reference Feed list, select after which existing data feed the
current data feed starts.
A reference data feed will not run when immediately running a data
feed. The Run Data Feed Now option only runs the current data
feed.

Every Specifies the interval of the frequency in which the data feed runs.

Start Time Specifies the time the data feed starts running.

Start Date Specifies the date on which the data feed schedule begins.

Time Zone Specifies the time zone of the server that runs the data feed.

3. Click Save.


Adding iDefense Threat Data Feeds

Complete this task to add an iDefense threat data feed for integrating source data with an
RSA Archer GRC application. Threat data feeds can only be initiated from a standard data feed type.

Supported iDefense threat feed types

• Malicious Code

• Vulnerabilities

• Geopolitical Threat

Step 1: Add a data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

2. Click Add New and do one of the following.

• To create a new data feed, select Create a new Data Feed from scratch.

• To create a data feed from an existing data feed, click Copy an existing Data Feed and select
a data feed from the Existing Data Feeds list.

3. Click OK.

4. In the General Information section on the General tab, enter the name, alias, and description.

5. From the Target list in the Feed Information section, select the application or questionnaire that
will receive the data from the external data source. If the application is leveled, select the level.

6. From the User Name list, do one of the following:

• Select the appropriate user account that is associated with the data feed.

• Create a new user account by selecting Other and entering the name of the new user account.

7. In the Feed Type field, click Standard.

8. (Optional) In the Notifications section, specify whether to send an email notification when
records are created or updated and when the job status changes.


Option Description

Send Notifications Select whether to have the data feed trigger notification emails when
records are published or updated. If notifications are not enabled in the selected target
application, no notification emails are sent when the data feed runs.

Send Job Status Notifications Select whether to have job status notifications sent to selected
users or groups. You can also select email addresses to receive job status notifications. If
selected, job status notifications are sent showing whether a job succeeded or failed to run.

9. (Optional) In the Additional Properties section, specify a different locale for your source data
and whether to override the rules of saving a record defined in the application.

Option Description

Locale Specifies the country (language) format of your source data. Different cultures or
countries use different characters when formatting similar data.

Data Validation Determines whether RSA Archer GRC performs data validations against the
selected target application when saving a record. Selecting this option bypasses
validation that is based on field definition and configuration (with some
exceptions). This option applies regardless of whether you are targeting a
questionnaire or application.
RSA Archer GRC validates the following items regardless of whether this field is
selected:
• Attachment or image field - Validity of the file.
• Date/Time field - Minimum and maximum system values.
• Text field - Contains valid HTML.
• Field name - Uniqueness.

The required field settings are disregarded if you select to ignore the rules defined
within the target application. However, the unique selection cannot be ignored.

10. Click Apply.

Step 2: Define the transport method

1. Go to the Transport tab of the data feed that you want to modify.


a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Transport tab.

2. From the Transport Method list, select the applicable transporter: DeepSight Transporter 2.0 or
DeepSight Transporter 4.0.

3. In the Transport Configuration section, enter the URL and credentials for retrieving source data.

Option Description

URL Specifies the URL for the RSS feed.

Retrieval Count Specifies the number of records that will be retrieved from the RSS feed.

Retrieval Units Specifies how data is contained in the RSS feed, for example, Days or
Articles.

User Name Specifies the name of the user account used for retrieving data.

Password Specifies the password of the user account used for retrieving data.

4. (Optional) In the Proxy field, select the applicable proxy option.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the proxy
configuration that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy. Continue with
providing the parameters for accessing the proxy.

5. (Optional) Complete the applicable fields if you selected a proxy option.

Field Description

Name Specifies the proxy server name.


Port Specifies the port ID of the proxy server.

Domain Specifies the domain of the proxy server.

User Name Specifies the name of the user who has credentials for logging on to the proxy
server.

Password Specifies the password of the credentialed user.

6. (Optional) To perform post-processing on the source file retrieved, in the Post-Processing -
Local Copy section, determine how the data feed should handle the local copy of the source data
when the integration is complete. In the On Success field, select one of the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully completes. If there is
a local copy of the source information, the local copy is deleted.


Rename Saves the source file under a new name when the data feed successfully completes.
In Destination File, specify where the file should be saved and the new name for the
file.
To save the data, the path of the destination file must be accessible to the account
running the Job Engine service.
If you select this option, use filename tokens for specifying the location or name of
the file.

Filename tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the Rename
option, you can use tokens to generate unique names automatically for the files.
Here are the usable tokens for renaming data files.
Token Enables the Data Feed Manager to:

Now Insert a user-defined date format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the Microsoft .Net Framework Developer Center
for available custom date/time formats.

DataFileDirectoryName Update the filename with the directory name, including the drive, of
your file.

DataFileName Insert the original filename, excluding the directory name and extension.

DataFileExtension Insert the file extension, such as .csv, in the new filename.

DataFileFullName Insert the fully qualified filename. This data includes the drive, directory,
filename, and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
using tokens would have the following output.


Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

7. Do one of the following:

• If you selected Nothing, continue at the next step.

• If you selected Rename, enter the location and name of the new file you want to save in the
Destination File field.

8. Click Apply.
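
The filename-token expansion shown in the Rename examples of this procedure and of the DeepSight procedure before it, as an added Python model that is not RSA Archer code, together with a review check that the expanded Destination File stays inside an approved directory for the Job Engine service account. The function names, the approved-root parameter and the supported subset of .NET date specifiers are assumptions.

```python
import ntpath
import re
from datetime import datetime

_MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# Subset of .NET custom date/time specifiers, longest first so "MMM" is tried
# before "MM". Other characters are copied literally (assumption: invariant
# culture, so "/" and ":" come out exactly as typed).
_SPECIFIERS = [
    ("yyyy", lambda d: f"{d.year:04d}"),
    ("MMM", lambda d: _MONTHS[d.month - 1]),
    ("MM", lambda d: f"{d.month:02d}"),
    ("dd", lambda d: f"{d.day:02d}"),
    ("HH", lambda d: f"{d.hour:02d}"),
    ("mm", lambda d: f"{d.minute:02d}"),
    ("ss", lambda d: f"{d.second:02d}"),
]

_TOKEN_RE = re.compile(
    r"\{(DataFileDirectoryName|DataFileName|DataFileExtension|"
    r"DataFileFullName|Now\(([^)]*)\))\}"
)

# Source path and run date taken from the guide's worked examples.
PAGE_SOURCE = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
PAGE_DATE = datetime(2008, 1, 31)


def format_date(fmt, when):
    """Render a .NET-style custom date format using the subset above."""
    out, i = [], 0
    while i < len(fmt):
        for spec, render in _SPECIFIERS:
            if fmt.startswith(spec, i):
                out.append(render(when))
                i += len(spec)
                break
        else:
            out.append(fmt[i])
            i += 1
    return "".join(out)


def expand_tokens(template, source_path, when):
    """Expand the guide's filename tokens for a Windows source path."""
    directory, filename = ntpath.split(source_path)
    stem, ext = ntpath.splitext(filename)
    values = {
        "DataFileDirectoryName": directory,
        "DataFileName": stem,
        # The guide's examples write ".{DataFileExtension}", so the token is
        # expanded without the leading dot.
        "DataFileExtension": ext[1:],
        "DataFileFullName": source_path,
    }

    def substitute(match):
        if match.group(2) is not None:
            return format_date(match.group(2), when)
        return values[match.group(1)]

    expanded = _TOKEN_RE.sub(substitute, template)
    if "{" in expanded or "}" in expanded:
        raise ValueError(f"unrecognized token in template: {template}")
    return expanded


def review_destination(template, source_path, when, approved_root):
    """Expand the template and list findings a reviewer should resolve."""
    expanded = expand_tokens(template, source_path, when)
    findings = []
    for match in _TOKEN_RE.finditer(template):
        fmt = match.group(2)
        if fmt and any(ch in fmt for ch in "/\\:"):
            findings.append(
                f"Now({fmt}) adds a path separator or reserved character")
    norm = ntpath.normcase(ntpath.normpath(expanded))
    root = ntpath.normcase(ntpath.normpath(approved_root))
    try:
        inside = ntpath.commonpath([norm, root]) == root
    except ValueError:  # different drives, or absolute mixed with relative
        inside = False
    if not inside:
        findings.append("destination resolves outside the approved directory")
    return expanded, findings


if __name__ == "__main__":
    example_1 = (r"{DataFileDirectoryName}\success\{DataFileName}_"
                 r"{Now(MM.dd.yyyy)}.{DataFileExtension}")
    print(review_destination(example_1, PAGE_SOURCE, PAGE_DATE,
                             r"C:\DataFeed\Source\ESL\processed"))
```

The `Now(MM/dd/yyyy)` format is flagged because Windows treats `/` as a path separator, so the date would become nested directories rather than part of the file name.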

Step 3: Define the XML format of the source data


Use this task to transform the XML structure of the source file. The Xml File Iterator enables you to
import an XML file. You can also manipulate or restructure the data prior to importing.

1. Go to the Navigation tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Navigation tab.

2. In the Navigation Method list, select Xml File Iterator.


3. In the Xml File Definition section, select Transform.

4. In the Xml File Definition section toolbar, click Load Transform.

Note: You must load a transform. A default transform is included with the installation. If you
require additional data transformation, you can develop your own XSLT. For more information
on XML formatting guidelines and samples, see the appendix "XML Formatting Used in Field
Results and Input" in the RSA Archer Web Services API Reference Guide that you can
download from the RSA Archer Community.

5. Do one of the following:

• Select Default to load the out-of-the-box transform file. This option is typically used.

• Select File if you require additional data transformation and want to develop your own XSLT.

6. Click OK.

7. Click Apply.

Step 4: Configure the source data


Use the options on the Source Definition tab to configure the source data to ensure that only the data
you want is included with the data feed. The Source Data tab is available only for Standard data
feed types.

Data options

• Import the data “as is” into RSA Archer GRC or execute modifications and calculations against
the data to convert the incoming data into a format that matches the requirements of the
application or questionnaire it is imported into. Use several advanced options, such as lookup
translations and calculations, to prepare and modify the data to meet your individual business
needs.

• Filter data so that only what you want to receive is imported into the target application or
questionnaire. By not defining filters on the Data Filter tab, you instruct Data Feed Manager to
return all records in the data feed. Use operator logic to add filters to include only records
meeting certain criteria in the data feed process.

• Capture tokens of data from the last execution of a data feed that can be used during the next run
to identify which data to retrieve. On the Tokens tab, you can add, edit, or delete token values in
preparation of the next data feed execution.


1. Go to the Source Data tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Source Data tab.

2. In the Source Field title bar, click Load Fields.

3. Define the Schema Source for retrieving the sample data file and click OK. This file contains
the list of source fields and is dependent on the transport method.
The source for the schema of your data feed depends on which transporter you are using. The
following list identifies and describes the schema sources that are available for each of the out-
of-the-box transporters.

Source       Description

Sample File  Uses a skeleton of your actual source data file. For example, if you are importing
             data from a .csv file, the source data file is a .csv file that includes the column
             names from your source data. If you are importing data from an .XML file, the
             source data file includes the structure of your .XML without the actual field values.
             When you select the sample file, the Source Fields section populates with the fields
             specified in the sample data file.
             For the Archer Web Services Transporter, select a file from an external location
             that contains the data in the same format as the report format.

Load URL     Loads the contents at the target URL and detects the source schema from the
             contents.
             Using this option may trigger actions associated with accessing the target URL.

4. In the first line in the Source Fields section, select the appropriate field option for the record
definition.

5. In the Field type list for the remaining source fields, select the application option.

6. Click Apply.


Step 5: Define data filters


Use data filters to limit the number of records retrieved from your source data. If no filters are
defined, the Data Feed Manager returns all records. After a filter has been added, only those records
meeting the defined criteria are included in the data feed. You can combine your data filters through
advanced operator logic to provide additional filters to your data.

Important: Do not use this option for an Archer-to-Archer data feed. RSA recommends that you
filter the report data instead.

1. Go to the Data Filter tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Data Filter tab.

2. In the Sources column, select the source name to which you want to apply a filter.

3. From the Field Name list, select the field name from your data source to which you want to
apply a filter.

4. From the Operator list, select an operator to define which type of filter you want to apply to the
source data.

5. In the Values column, enter a value based on your selection in the Operator column.

6. (Optional) In the Advanced operator logic field, enter custom operator logic to form
relationships between the individual filters.

7. Complete either of the following optional tasks:

• To add an additional data filter, click Add New Filter located in the Data Filter section title
bar.

• To remove a data filter, in the Actions column of the filter you want to remove, click .

8. Click Apply.


Step 6: Define data tokens

1. Go to the Tokens tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Source Definition tab.

e. Click the Tokens tab.

2. (Optional) Click Add New to add an additional token.

3. In the Value field of the token that you want to modify, enter the updated value.

4. (Optional) Click in the row of the token that you want to remove.

5. Click Apply.

Step 7: Map the source fields to the target fields

1. Go to the Field Map tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Field Map tab.

2. Map the source field to the applicable application or questionnaire. Do the following:

• Click Auto-Populate to map the source fields to application or questionnaire fields. This option
maps fields from the data source to application or questionnaire fields that have the same
name. Auto-populate occurs on level 1 fields only. Additionally, if there is an exact name
match between the source field and the target field, and the field type is one of the following,
the field is not auto-populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.


• Drag each source field and drop it next to the application or questionnaire field in the Target
Fields section. For target fields that have a field type of cross-reference, sub-form, or related
records, map the fields expanded under these field types. You cannot directly map to a target
field with any of these field types.

3. (Optional) Do the following to configure the mapped fields.

a. In the Actions column, click .

b. Complete the options for the selected field type.

4. (Optional) To assign a trust level to your source data for a mapped field, enter a value from 0 to 99
in the Trust Level column of the field.

5. (Optional) Do one or more of the following:

• To delete a mapping for a single field, click in the Actions column of the field that you want
to remove.

• To remove the mappings for all fields, click Clear Target Field Mappings located in the
Target Fields title bar.

6. Click Apply.

Step 8: Define key fields

1. Go to the Key Field Definition tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Key Field Definitions tab.

2. In the Reference Field section, select the field that requires a key field definition.

Note: The Reference Field section contains the target application or questionnaire and any
mapped cross-reference, related records, CAST, or sub-form fields that require the creation of a
key field definition.


3. In the Key Field Definitions title bar, click Add New Key.

Note: You can use the Key Field Definitions section to define the unique key identifiers and the
data feed actions during the feed execution.

4. In the Field Name field, select a target application or questionnaire field that uniquely identifies
the record.

5. (Optional) Assign compound unique identifiers for the record. Do the following:

a. In the Actions column, click .

b. From the Available Fields list, select the fields.

c. Click OK.

6. (Optional) In the Actions column, do one or more of the following:

• Click Add New to add multiple unique identifiers to the key field definition.

• Click in the Actions column to add unique identifiers in a hierarchical structure for sub-
form field types.

Note: After setting the order of key fields, the Data Feed Manager scans the data source file for
matches to each unique identifier in the specified order. When any key field is found as a match
to a field in the target application, the record is considered matched.

7. From the Action list, select the applicable option for the matching criteria for the unique
identifier.

8. Click Apply.

Step 9: Set rules for archiving and updating records


You can use the update and archive options to update existing records, create new records, or both.
In addition, when target records in RSA Archer GRC cannot match records in the external data
source, you can select to modify or delete those records. This option can be useful if you are
deferring the accuracy and current status of your data to the external system. By deleting or
modifying records in the system that are not in your external data source, you ensure that both the
external source and the system are synchronized.


1. Go to the Update/Archive tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Data Map tab.

e. Click the Update/Archive tab.

2. In the Update Options section, select whether to create or update records in the target
application.

Update configuration options

Option  Description

Create  Creates new records for data found in the source file and not in the target application
        or questionnaire.

Update  Updates records in the target application or questionnaire when a unique identifier
        match exists in the source file. If you are also selecting the Archive Option of
        Delete and want to retain existing records, make sure to select the Update option.

3. In the Archive Options section, select what happens when the matching record is not found in the
target application.

Archive configuration options

Option     Description

None       Does nothing when a matching record is not found.

Delete     Deletes records in the target application or questionnaire when a matching record is
           not in the source data. If you want to retain existing records, also select the Update
           option.
           Records are matched by a unique identifier only during the update process. If you
           want to retain existing records while archiving the target application, also select
           Update in Update Options. If you do not select the Update option, all records in the
           target application will be permanently deleted.

Set Value  Sets a value in a Values List field in a record whenever the external data file does
           not contain a matching record.
           Use this option to set a Values List to a value that identifies this record as Inactive
           or Not Current. For example, suppose a Devices application has a record for a specific
           laptop and the external data file does not have a matching record for that laptop. You
           can use this option to set a Values List field in the laptop record to the value
           Inactive.
           When you select this option, you also select the Values List field in the target
           application or questionnaire and the value that you want to set in that field.
           You cannot set the value in the Values List field of the target leveled application
           under the following conditions:
           • The Set Value Target Field is a global values list.
           • Level 3 or lower in a leveled application.
           • You are modifying the data feed configuration.

           In most scenarios, RSA recommends selecting the Set Value option and flagging
           these records with a specific value rather than deleting them. For example, you can
           add a field to your application called Status and include the values Current and
           Archived. If a data feed cannot find a matching record in the data source with a
           system record, the system record could be updated to have a value of Archived for
           the Status field.

4. Click Apply.
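
The interaction between key-field matching (Step 8) and the Update/Archive options (Step 9), as an added example that is not RSA Archer code: a simplified Python model in which records count as matched only when Update is selected, as the guide states. The record layout, the field names, the is_destructive check and the treatment of records created during the same run are assumptions.

```python
# Added illustration: a simplified model of the key-field and Update/Archive
# rules in Steps 8 and 9. Not RSA Archer code; records and fields are constructed.
from copy import deepcopy

# Constructed sample data: three device records in the target application.
TARGET = {
    1: {"Serial": "SN100", "Hostname": "lt-001", "Owner": "alice", "Status": "Current"},
    2: {"Serial": "SN200", "Hostname": "lt-002", "Owner": "bob", "Status": "Current"},
    3: {"Serial": "SN300", "Hostname": "srv-01", "Owner": "ops", "Status": "Current"},
}
# Constructed source rows: record 3 is absent from the source, lt-009 is new.
SOURCE = [
    {"Serial": "SN100", "Hostname": "lt-001", "Owner": "carol"},
    {"Hostname": "lt-002", "Owner": "bob"},          # no Serial: falls back to Hostname
    {"Serial": "SN900", "Hostname": "lt-009", "Owner": "dave"},
]
KEY_FIELDS = ["Serial", "Hostname"]                  # tried in this order


def find_match(row, records, key_fields):
    """Try each key field in order; a hit on any key field counts as a match."""
    for key in key_fields:
        value = row.get(key)
        if value in (None, ""):
            continue                                 # an empty key identifies nothing
        for record_id, record in records.items():
            if record.get(key) == value:
                return record_id
    return None


def is_destructive(update, archive):
    """Pre-flight check: Delete without Update removes every existing record."""
    return archive == "Delete" and not update


def run_feed(target, source, key_fields, create=True, update=True,
             archive="None", set_value=("Status", "Archived")):
    """Model one feed run and return (records, report).

    archive is "None", "Delete" or "Set Value". Assumption: archive rules apply
    only to records that existed before the run, not to ones it creates.
    """
    records = deepcopy(target)
    existing = {rid: records[rid] for rid in sorted(records)}
    matched = set()
    report = {"created": [], "updated": [], "deleted": [], "flagged": []}
    next_id = max(records, default=0) + 1

    for row in source:
        record_id = find_match(row, existing, key_fields)
        if record_id is None:
            if create:
                records[next_id] = dict(row)
                report["created"].append(next_id)
                next_id += 1
        elif update:
            # Records are marked as matched only during the update process.
            records[record_id].update(row)
            matched.add(record_id)
            report["updated"].append(record_id)

    for record_id in sorted(set(existing) - matched):
        if archive == "Delete":
            del records[record_id]
            report["deleted"].append(record_id)
        elif archive == "Set Value":
            field_name, value = set_value
            records[record_id][field_name] = value
            report["flagged"].append(record_id)
    return records, report


if __name__ == "__main__":
    for update, archive in [(True, "Delete"), (False, "Delete"), (True, "Set Value")]:
        records, report = run_feed(TARGET, SOURCE, KEY_FIELDS, update=update, archive=archive)
        print(f"update={update} archive={archive!r} destructive={is_destructive(update, archive)}")
        print("  remaining ids:", sorted(records), "report:", report)
```

With Update cleared and Delete selected, the model removes all three existing records, which is why a pre-flight check on that combination is worth running before a feed is activated.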

Step 10: Define the data feed schedule


You can set up data feeds to run automatically at regular intervals. This reduces the time and effort
required to import data from an external file. You can initiate data feeds at various times and
configure them to run in regular increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. You can schedule a
maximum of 10 data feeds to run at a time. If more than 10 data feeds are scheduled, each remaining
data feed executes as the previous one completes.
A reference feed allows you to specify another feed. This indicates to the Data Feed Service that
this feed starts executing as soon as the referenced feed completes successfully.

Important: When you configure an iDefense or DeepSight threat data feed, you need to set specific
parameters to connect the threat feed properly with your RSA Archer GRC instance.


1. Go to the Schedule tab of the data feed that you want to modify.

a. From the menu bar, click .

b. Under Integration, click Data Feeds.

c. Select the data feed.

d. Click the Schedule tab.

2. Go to the Recurrences section and complete frequency, start and stop times, and time zone.


Field       Description

Frequency   Specifies the interval in which the data feed runs, for example, Minutely, Hourly,
            Daily, Weekly, Monthly, or Reference.

            Minutely   Runs the data feed by the interval set.
                       For example, if you specify 45 in the Every list, the data feed
                       executes every 45 minutes.

            Hourly     Runs the data feed by the interval set, for example, every hour (1),
                       every other hour (2), and so forth.

            Daily      Runs the data feed by the interval set, for example, every day (1),
                       every other day (2), and so forth.

            Weekly     Runs the data feed based on a specified day of the week, for
                       example, every Monday of the first week (1), every other Monday
                       (2), and so forth.

            Monthly    Runs the data feed based on a specified week of the month, for
                       example, 1st, 2nd, 3rd, 4th, or Last.

            Reference  Specifies a data feed that runs before the current one. This
                       option indicates to the Data Feed Service that this data feed starts
                       as soon as the referenced data feed completes successfully.
                       For example, you can select to have a Threats data feed run
                       immediately after your Assets data feed finishes. From the
                       Reference Feed list, select after which existing data feed the
                       current data feed starts.
                       A reference data feed will not run when immediately running a data
                       feed. The Run Data Feed Now option only runs the current data
                       feed.

Every       Specifies the interval of the frequency in which the data feed runs.

Start Time  Specifies the time the data feed starts running.

Start Date  Specifies the date on which the data feed schedule begins.

Time Zone   Specifies the time zone of the server that runs the data feed.

3. Click Save.


Importing Threat Data Feeds

Before you begin


Before you work with threat feeds in RSA Archer GRC, verify that you have the following:
• License to one of the supported threat feed providers, including a user name and password.

• License to the RSA Archer Threat Management solution master.

• A user account for RSA Archer GRC with full access rights to the Data Feed Manager.

• Access to the RSA Archer Community on RSA Link to download the threat feed package file.

Step 1: Import a data feed

1. Go to the Manage Data Feeds page.

a. From the menu bar, click .

b. Under Integration, click Manage Data Feeds.

2. Click Import.

3. In the Open dialog box, click the configuration file and select its RSA Archer GRC version
number.

4. Click Open.

Step 2: Review and configure the imported data feed

1. From the Data Feeds list, select the data feed that you imported.

2. Click the General tab and go to the Feed Information section.

3. In the User Name field, select the user account that is appropriate for your threat feed.

4. Verify that the imported values match the following values:

Section: Feed Information
Field: Feed Type
Imported Value: Standard
Action: Do not change

Section: Notifications
Field: Send Notifications
Imported Value: Blank
Action: Change this value only after the threat feed has finished loading the data into your
RSA Archer GRC instance. After this completes and whenever the threat feed runs, existing data
is deleted or updated, and new data is inserted.

Section: Additional Properties
Field: Data Validation
Imported Value: imported data
Action: Do not change

5. Click the Transport tab and do not change the transport method or configuration.

6. Select the rules for post-processing.

Post-Processing options
To perform post-processing on the source file retrieved, in the Post Processing section, determine
how the data feed should handle the local copy of the source data when the integration is
complete.

Option   Description

Nothing  Does not alter the source file when the data feed successfully completes. If there is
         a local copy of the source information, the local copy is deleted.

Rename   Saves the source file under a new name when the data feed successfully completes.
         In Destination File, specify where the file should be saved and the new name for the
         file.
         If you select this option, use filename tokens for specifying the location or name of
         the file.

         Filename tokens
         Filename tokens are available for post processing when you want to save the source
         information and specify a location or name for the file. When you select the Rename
         option, you can use tokens to generate unique names automatically for the files.
         Here are the usable tokens for renaming data files.

         Token                  Token Enables the Data Feed Manager to:

         Now                    Insert a user-defined date format within the new
                                filename. Possible formats include Now(MM/dd/yyyy)
                                or Now(MMM-dd-yyyy). See the Microsoft .Net
                                Framework Developer Center for available custom
                                date/time formats.

         DataFileDirectoryName  Update the filename with the directory name, including
                                the drive, of your file.

         DataFileName           Insert the original filename, excluding the directory
                                name and extension.

         DataFileExtension      Insert the file extension, such as .csv, in the new
                                filename.

         DataFileFullName       Insert the fully qualified filename. This data includes
                                the drive, directory, filename, and extension of the
                                original file.

         For example, if the data file came from the following location,
         C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
         using tokens would have the following output.

         Example 1

         Input Tokens  {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

         Output        C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

         Example 2

         Input Tokens  \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

         Output        \\DFSRepository\2008\01\ThreatData_success.csv

Delete   Deletes the source file when the data feed completes successfully.
         This option is available only for File and FTP transport methods.

Post-Processing - Local Copy options


To perform post-processing on the source file retrieved, in the Post-Processing - Local Copy
section, determine how the data feed should handle the local copy of the source data when the
integration is complete. In the On Success field, select from the following options.

Option   Description

Nothing  Does not alter the source file when the data feed successfully completes. If there is
         a local copy of the source information, the local copy is deleted.

Rename   Saves the source file under a new name when the data feed successfully completes.
         In Destination File, specify where the file should be saved and the new name for the
         file.
         To save the data, the path of the destination file must be accessible to the account
         running the Job Engine service.
         If you select this option, use filename tokens for specifying the location or name of
         the file.

         Filename tokens
         Filename tokens are available for post processing when you want to save the source
         information and specify a location or name for the file. When you select the Rename
         option, you can use tokens to generate unique names automatically for the files.
         Here are the usable tokens for renaming data files.

         Token                  Token Enables the Data Feed Manager to:

         Now                    Insert a user-defined date format within the new
                                filename. Possible formats include Now(MM/dd/yyyy)
                                or Now(MMM-dd-yyyy). See the Microsoft .Net
                                Framework Developer Center for available custom
                                date/time formats.

         DataFileDirectoryName  Update the filename with the directory name, including
                                the drive, of your file.

         DataFileName           Insert the original filename, excluding the directory
                                name and extension.

         DataFileExtension      Insert the file extension, such as .csv, in the new
                                filename.

         DataFileFullName       Insert the fully qualified filename. This data includes
                                the drive, directory, filename, and extension of the
                                original file.

         For example, if the data file came from the following location,
         C:\DataFeed\Source\ESL\processed\ThreatData.csv, files that have been renamed
         using tokens would have the following output.

         Example 1

         Input Tokens  {DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}

         Output        C:\DataFeed\Source\ESL\processed\success\ThreatData_01.31.2008.csv

         Example 2

         Input Tokens  \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}

         Output        \\DFSRepository\2008\01\ThreatData_success.csv

Important: Do not change the navigation method or file definition on the Navigation tab.

7. Click the Source Definition tab, and do not edit or remove fields.

Tab: Source Data
Field: Source Fields
Imported Value: imported data
Action: Do NOT edit or remove imported fields. Add new calculated, static text, or lookup
translation fields as needed. For information on Manipulating Data, see the Manipulating Data
in the Source File of Standard Data Feeds topic in the RSA Archer GRC Online Documentation.

Tab: Data Filter
Field: Data Filters
Imported Value: imported data
Action: Do not change

Tab: Tokens
Field: Data Validation
Imported Value: imported tokens
Action: Do not change
• The token for DeepSight threat feeds identifies the last sequence number retrieved.
• The token for iDefense identifies the date from which the threat feed begins retrieving records.


8. Click the Data Map tab, and verify and map data if you added new source fields.

Tab: Field Map
Field: Source Fields/Target Fields
Imported Value: Field mappings for default sources files
Action: If you added any source fields, map these fields to the target application.
For DeepSight threat feeds, do the following:
1. Change the mapping of the Patch ID.
2. Create a numeric field for the Patch ID in the Patches application called Patch ID Numeric.
3. Map the field to the Patch ID in the threat feed, and assign the field as a key field.
4. Remove patch Name as a key field.

Tab: Key Field Definitions
Field: Key Fields
Imported Value: imported key fields
Action: Do not change. Sub-forms do not have keys defined by default and do not need to have
keys added.

Tab: Update/Archive
Field: Update Options and Archive Options
Imported Value: imported data
Action: Do not change

9. Click the Schedule tab, verify that the imported values are appropriate for the data feed. If not,
make the necessary changes.

10. Click Save.
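
The filename tokens described for the Rename option above, as an added example that is not RSA Archer code: a Python sketch that expands the five tokens and reproduces Example 1 and Example 2. It handles only a subset of .NET custom date specifiers and treats "/" literally; risky_now_formats is a hypothetical pre-check, and how the Data Feed Manager itself handles such names is not stated in this guide.

```python
# Added illustration: expanding the Rename filename tokens listed above.
# Not RSA Archer code. Only a subset of .NET custom date specifiers is handled,
# and "/" is kept literally (in .NET it is a culture-dependent date separator).
import ntpath
import re
from datetime import datetime

# Values taken from the guide's worked examples.
SAMPLE_SOURCE = r"C:\DataFeed\Source\ESL\processed\ThreatData.csv"
SAMPLE_NOW = datetime(2008, 1, 31)
EXAMPLE_1 = r"{DataFileDirectoryName}\success\{DataFileName}_{Now(MM.dd.yyyy)}.{DataFileExtension}"
EXAMPLE_2 = r"\\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_success.{DataFileExtension}"

DOTNET_TO_STRFTIME = {
    "yyyy": "%Y", "MMMM": "%B", "MMM": "%b", "yy": "%y",
    "MM": "%m", "dd": "%d", "HH": "%H", "mm": "%M", "ss": "%S",
}
# Longest specifiers first; any other letter is rejected rather than guessed at.
SPECIFIER = re.compile("|".join(sorted(DOTNET_TO_STRFTIME, key=len, reverse=True)) + "|[A-Za-z]")
TOKEN = re.compile(
    r"\{(Now\(([^)]*)\)|DataFileDirectoryName|DataFileName|DataFileExtension|DataFileFullName)\}"
)
WINDOWS_RESERVED = set('\\/:*?"<>|')      # not allowed inside a Windows file name


def format_now(fmt, now):
    """Render a .NET-style custom date format such as MM.dd.yyyy."""
    def render(match):
        spec = match.group(0)
        if spec not in DOTNET_TO_STRFTIME:
            raise ValueError(f"unsupported specifier {spec!r} in Now({fmt})")
        return now.strftime(DOTNET_TO_STRFTIME[spec])
    return SPECIFIER.sub(render, fmt)


def expand_tokens(template, source_path, now):
    """Expand the five filename tokens for a Windows or UNC source path."""
    stem, extension = ntpath.splitext(ntpath.basename(source_path))
    values = {
        "DataFileDirectoryName": ntpath.dirname(source_path),
        "DataFileName": stem,
        # The guide's examples write ".{DataFileExtension}", so no leading dot here.
        "DataFileExtension": extension.lstrip("."),
        "DataFileFullName": source_path,
    }

    def render(match):
        if match.group(2) is not None:          # {Now(<format>)}
            return format_now(match.group(2), now)
        return values[match.group(1)]
    return TOKEN.sub(render, template)


def risky_now_formats(template, now):
    """Hypothetical pre-check: Now() formats whose output holds reserved characters."""
    risky = []
    for match in TOKEN.finditer(template):
        fmt = match.group(2)
        if fmt is None:
            continue
        rendered = format_now(fmt, now)
        if WINDOWS_RESERVED & set(rendered):
            risky.append((fmt, rendered))
    return risky


if __name__ == "__main__":
    print(expand_tokens(EXAMPLE_1, SAMPLE_SOURCE, SAMPLE_NOW))
    print(expand_tokens(EXAMPLE_2, SAMPLE_SOURCE, SAMPLE_NOW))
    print(risky_now_formats(r"{DataFileName}_{Now(MM/dd/yyyy)}.{DataFileExtension}", SAMPLE_NOW))
```

A format such as Now(MM/dd/yyyy) renders slashes, which Windows treats as path separators, so the pre-check flags it before it reaches a Destination File setting.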


Data Publications
The Data Publication Manager allows users to extract data from RSA Archer GRC and load it into
external systems for data analysis and modeling. To build a data publication, select the solution
whose data you want to publish, provide credentials for the database where the data is to be loaded,
and provide a schedule for automatically executing the publication. You can view the detail history
of data publication jobs, including detailed information on errors or records tried or failed.

Data publication process


The data publication process converts records residing in system applications into a relational
database structure. Applications, questionnaires, and sub-forms are created as tables in the
destination database and maintain their linkages, and fields are represented as columns in the table
of their parent entity (application, questionnaire, or sub-form).
When generating the names of columns and tables, the data publication process uses the Alias value
for applications, questionnaires, sub-forms, fields, and values lists. Using the alias values allows
administrators more flexibility in referencing a separate identifier than the display name and
provides a method for ensuring naming consistency, independent of the display name.

Supported field types


The following field types are supported for data publication:

• Attachment
• Cross-Reference/Related Records (Upon publication, reference field values display a link to the table containing the sub-form data.)
• Date
• External Links
• First Published Date
• Image
• IP Address
• Last Updated Date
• Matrix
• Numeric (Prefixes and suffixes cannot be published.)
• Record Permissions
• Record Status
• Sub-Form (Upon publication, sub-form field values display a link to the table containing the sub-form data.)
• Text
• Tracking ID (Prefixes and suffixes can be published.)
• User/Groups List
• Values List (Fields that display the value "No Selection" contain no value in the published version.)


Note: Calculated fields publish the current value of the field, not the calculation formula.

Adding Data Publications


From the Frequency list, select the frequency for the data publication from the following options and
complete setting up the schedule:

Frequency  Description

Daily      Select the Start Time and the Start Date for the publication. In the Every field,
           select how often the data publication should run. For example, if you select 15, the
           data publication executes every 15 days.

Weekly     Select the Start Time and the Start Date for the publication. In the Every field,
           select how often the data publication should run. For example, if you select 5, the
           data publication executes every 5 weeks. From the Weekday list, specify on which
           day of the week you want the data publication to execute.

Monthly    Select the Start Time and the Start Date for the publication. In the Every field,
           select how often the data publication should run. For example, if you select 5, the
           data publication executes every 5 months. From the Execute On list, select on
           which day of the month you want the data publication to execute. From the
           Weekday list, select on which day of the week you want the data publication to
           execute.

Add a data publication

1. Go to the Manage Data Publications page.

a. From the menu bar, click .

b. Under Integration, click Data Publications.

2. Click Add New, and do one of the following:

• To select new settings for a data publication, select Create a new Data Publication from
scratch.

• To use the settings of an existing data publication as a starting point, select Copy an existing
Data Publication and select the existing data publication from the Existing Data Publications
list.

3. Click OK.


4. In the General Information section, enter the name and description.

5. From the Solution list, select the solution from which the data is to be published to the external
database.

6. Click the Connection tab.

7. From the Publication Target list, select the database type: SQL Server Database or Oracle
Database.

8. In the Connection String field, enter a connection string.

Example: Connection string


For the data publication to execute successfully, the server responsible for running the data
publication must have the required network access to the database.

Database  Connection String

SQL       Server=[name];Database=[name];UID=[user ID];Pwd={password}

Oracle    Data Source=[name];User Id=[userID];Password={password}


The password to the target database can be entered in either the Password field or the
Connection String field as a token as shown in the previous step. When using a token, the
{Password} token in the connection string is replaced by the password entered in this field when
the connection string is submitted.

9. (Optional) In the Password field, enter a password if you have not included it in the connection
string.

10. (Optional) In the Test Connection field, click Test to test the connection to the target database.

11. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Changing the Status of a Data Publication

Change the status of a data publication

1. Go to the General tab of the application that you want to update.

a. From the menu bar, click .


b. Under Integration, click Data Publications.

c. Select the data publication.

2. From the Status field, select Active or Inactive.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Clearing the Data Publication Job History


You can clear the history from jobs in a data publication.

Clear the data publication job history

1. Go to the data publication that you want to update.

a. From the menu bar, click .

b. Under Integration, click Data Publications.

2. In the Actions column of the publication you want to update, click .

3. Click Clear Job History.

4. Do one of the following:

• To delete the history of specific jobs, select the checkbox next to the Started column for
those jobs and click OK.

• To clear all history for all jobs, select Clear All History.

5. Click OK when prompted.

Configuring Connection Parameters for Data Publications


Connection parameters specify which database, user, and password will be added to a data
publication.


Configure the connection parameters

1. Go to the Connection tab of the data publication that you want to update.

a. From the menu bar, click .

b. Under Integration, click Data Publications.

c. Select the data publication.

d. Click the Connection tab.

2. From the Publication Target list, select the type of database where the information is to be
published.

3. In the Connection String field, enter the connection string to the database. To use the value
entered for the password, you can enter the password token by entering the following syntax:

Example: Connection string


For the data publication to execute successfully, the server responsible for running the data
publication must have the required network access to the database.

Database  Connection String

SQL       Server=[name];Database=[name];UID=[user ID];Pwd={password}

Oracle    Data Source=[name];User Id=[userID];Password={password}


The password to the target database can be entered in either the Password field or the
Connection String field as a token as shown in the previous step. When using a token, the
{Password} token in the connection string is replaced by the password entered in this field when
the connection string is submitted.

4. In the Password field, enter the password that the system uses when accessing the database.

5. Click Apply.

6. Click Test in the Test Connection field.

Publishing Data Publications Immediately


You can publish publications immediately instead of waiting for the publishing schedule.


Publish a data publication immediately

1. Go to the Schedule tab of the data publication that you want to update.

a. From the menu bar, click .

b. Under Integration, click Data Publications.

c. Select the data publication.

d. Click the Schedule tab.

2. In the Publish field from the Immediate Processing section, click Run Update Publication Now.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Setting the Data Publications Schedule

Set a schedule for a data publication

1. Go to the Schedule tab of the data publication that you want to update.

a. From the menu bar, click .

b. Under Integration, click Data Publications.

c. Select the data publication.

d. Click the Schedule tab.

2. From the Frequency list, select the frequency for the data publication from the following options
and complete setting up the schedule.

3. From the Time Zone list, select the current time zone for the data publication.

4. Click Save or Apply.


• Click Save to save and exit.
• Click Apply to apply the changes and continue working.


Viewing the Data Publication Job History


The Run Detail box contains Statistics and Messages tabs. The Statistics tab shows the entity, rows
processed, status, and start date and time. The Messages tab shows the job activity, type, and date
and time of the activity.

View data publication history

1. Go to the Manage Data Publications page.

a. From the menu bar, click .

b. Under Integration, click Data Publications.

2. In the Actions column of the data publication that you want to view, click the Execution History
icon.

3. In the Status column, view the status to determine which job ran successfully or failed.

4. In the Actions column of the job that you want to view, click the Run Details icon.

5. When you are finished viewing the history, close the Run Detail dialog box.

6. Close all other open dialog boxes and pages.

API Integration
Web Services are an industry-standard way of integrating web-based or Internet-connected
applications using open standard protocols, such as Extensible Markup Language (XML) and Simple
Object Access Protocol (SOAP).
The RSA Archer Web Services API is a collection of web services that provide a programmatic
interface for interacting with RSA Archer GRC. Each web service supports multiple methods that
can be used together to automate the exchange of information between RSA Archer GRC and an
external application.
The available web services include the following classes:

| Class | Description |
| --- | --- |
| Access Control | Provides programmatic access to the Access Control feature, such as creating users and managing security parameters. |
| Access Role | Provides programmatic access to options relating to managing access roles. |
| Field | Enables you to manage and configure the values lists used in the applications, questionnaires, and sub-forms. |
| General | Enables you to create and terminate Web Services API user sessions. |
| Module | Provides programmatic access to module information. |
| Record | Enables you to manipulate content records in content applications. |
| Search | Provides programmatic access to the search features of RSA Archer GRC. |

The API Integration Manager in the Integration feature offers links to download Web Services
Description Language (WSDL) files and to the Web Services API code generator to help you more
efficiently format your code to integrate applications with services. From the API Integration page,
you can also download the Web Services API Reference Guide and connect to the Web API
Development discussion forum via the Archer Community.
For more information on the RSA Archer Web Services API, see the RSA Archer Web Services API
Reference Guide, which you can access from the RSA Archer Community on RSA Link, at
https://community.rsa.com/community/products/ArcherGRC. This guide documents each available
web service and provides XML formatting guidelines and samples. If you do not have access to the
RSA Archer Community on RSA Link site, but want to obtain this guide, contact the support team at
archersupport@rsa.com.

Generating API Code


To generate Web Services API (WebAPI) code you specify the unique identifiers for objects that
may be manipulated via the API. The Web Services API code generator automates the creation of a
set of human-readable variables that facilitate WebAPI development in CSharp (C#). Using the Web
Service API Code Generator page, you can generate source code that contains the Globally Unique
Identifier (GUID) for each supported element in your application.
The following application elements are included in a code generation:
• Application GUID
• Field GUIDs
• Field GUIDs for fields residing in related sub-forms
• Values list value GUIDs for Values List fields residing in the application or the related sub-forms

You can download this source code to a CSharp (.cs) file. You can then import the file into a Visual
Studio project.


For more information on the RSA Archer Web Services API, see the RSA Archer Web Services API
Reference Guide on the RSA Archer Community site. This guide documents each available web
service and provides XML formatting guidelines and samples.

Generate API code

1. Go to the API Integration Manager page.

a. From the menu bar, click .

b. Under Integration, click Obtaining API Resources.

2. Click Generate API Code.

3. From the Application list, select the application for which you want to generate the source code.

4. Click Download Source File.

5. Click Save when prompted.

Using the Web Services Description Language File


The Web Services Description Language (WSDL) is an XML language that defines the standard
interface for interacting with the RSA Archer Web Services API (WebAPI). The WSDL file
specifies the location of the web service and the operations the service can perform. The WSDL
files enable you to automate the process of locating and invoking web service functions independent
of language or platform, allowing applications to easily integrate new services with little or no
manual code.
For more information on the RSA Archer Web Services API, see the RSA Archer Web Services API
Reference Guide on the RSA Archer Community site. This guide is an HTML .zip file that includes
each available web service and provides XML formatting guidelines and samples. If you do not have
access to the RSA Archer Community site, but want to obtain this guide, contact the support team at
archersupport@rsa.com.

Download a Web Services Description Language file

1. Go to the API Integration Manager page.

a. From the menu bar, click .

b. Under Integration, click Obtain API Integration.

2. Click Download WSDL Files.


3. Click the link for the class whose code you need for your project.

4. Copy the entire block of code and paste it into your project.


Chapter 15: Packaging


Packaging provides the means for copying applications and other objects from one RSA Archer
GRC instance to another. Instead of manually recreating objects in a new instance and updating their
elements, Packaging efficiently installs objects and applies the changes in the new instance.
Use Packaging in the following scenarios:
• Supporting IT change control practices by enabling the transfer of large changes from
  development to test to production instances. Packaging reduces the risk of deploying changes and
  decreases manual configuration tasks, which also decreases the total cost of ownership.
• Sharing applications and solutions on the RSA Archer Community.
• Receiving and installing updates to RSA Archer GRC Solutions.
• Troubleshooting issues with Customer Support. Packaging enables customers to more efficiently
  communicate error situations to Customer Support, improving the ability to diagnose and solve
  issues.

Packaging terminology

| Term | Definition |
| --- | --- |
| Instance | A single installation of RSA Archer GRC and associated database. |
| Source Instance | The instance in which the package is created and from which objects are copied. |
| Target Instance | The instance in which the package is installed and to which objects are copied. |
| Module | Either an application or questionnaire. |
| Object | Any entity within RSA Archer GRC that Packaging supports, for example, an application, a sub-form, or field within an application. |
| Advanced Package Mapping | A feature for mapping objects from the source instance to the target instance. By default, this feature is activated during RSA Archer GRC installation. If you are not using Advanced Package Mapping, you can deactivate this feature in the General Settings of the RSA Archer Control Panel. |

Packaging process
The following figure shows the complete packaging process, from creating a package on the source
instance to installing it on the target instance.

Package objects
The package is a ZIP file that contains one or more objects. An object is any entity within RSA
Archer GRC that Packaging supports, for example, an application or a sub-form or field within an
application.
Objects can be root, level 1, or level 2 objects, as listed in the following figure.

Root objects can stand alone. A Level 1 object cannot exist without a root object. Level 2 objects
cannot exist without a Level 1 object. Some Level 1 objects have child objects, for example, a
values list is a child of the custom values list field. The values list includes individual values list
values. All objects and elements are transferred within a package.
When you create a package on the source instance, you can select which applications,
questionnaires, workspaces, dashboards, and access roles to include. Then, when you install a
package on the target instance, you can select which components to install. For each selected
component, you can map all child objects to existing objects in the target instance or have the system
create new objects.

Note: Packaging does not delete objects or permission settings. It only adds new or updates existing
objects and permission settings. Exceptions include layout and workflow, in which packaging
replaces the existing settings.


Supported and unsupported objects

The following objects are supported in Packaging:


• Access Roles
• Applications
• Dashboards
• Folders
• Global values lists
• iViews
• Letterhead templates
• Questionnaires
• Solutions
• Sub-forms
• Workspaces

Note: Folders are used to organize certain user-created objects, such as iViews and Mail Merge
templates. iViews must exist in the package from the source instance. Values List values is a child
object of Global Values Lists.

Packaging does not support the following objects:


• Appearance themes
• Discussion forums
• Personal dashboards
• Personal reports
• Record content
• Training and Awareness Campaign notification templates
• User and group creation
• User-specific preferences and attributes


Note: Email subscription preferences and Discussion Forum preferences are examples of
user-specific preferences and attributes.

How objects are identified

Objects are identified by a unique system ID. Nearly every object in RSA Archer GRC has a
system ID, for example, applications, fields, and values lists.
The primary purpose of a system ID is to identify an object in the RSA Archer GRC database
whether internally or externally. Packaging uses system IDs to identify objects in the source and
target instances. By comparing the system IDs of objects in the source and target instances,
Packaging can determine whether an object already exists in the target and should be updated, or
whether to create a new object.
All objects supported by Packaging use system IDs, with the following exceptions:
• Workflow
• Users

Workflow objects use system IDs, but Packaging does not match Workflow objects. Instead,
Packaging overwrites the workflow configuration.

Packaging Rules
The Packaging process requires numerous rules and logic to determine how the individual elements
in applications and questionnaires are migrated from one instance of RSA Archer GRC to another.
Packaging does not delete objects or permission settings. It only adds new or updates existing objects
and permission settings. Exceptions include layout and workflow, in which packaging replaces the
existing settings.
The following sections provide additional rules and logic.

Access roles
When you import access roles with groups during the packaging process, the groups are created
without any members in the target instance. After the access roles are transported from the source
instance to the target instance, you must manually add users to each group.

|  | Package Contains Access Role Not Linked to a Group | Package Contains Access Role that is Linked to a Group |
| --- | --- | --- |
| Target contains access role only | Access role is updated, no group changes | Access role is updated, group is added and linked in target |
| Target contains group only | Access role is created, no group changes | Access role is created, group is linked to access role in target |
| Target contains unlinked AR and group | Access role is updated, no group changes | Access role is updated, group is linked to access role in target |
| Target contains linked AR and group | Access role is updated, no group changes (group remains linked to access role) | Access role is updated, no group changes (group remains linked to access role) |

Advanced workflow
Packaging rules related to advanced workflow include:
• You cannot generate a package that contains an application or questionnaire with an advanced
  workflow if the Advanced Workflow Service is not running.
• You cannot install an application or questionnaire with an advanced workflow if the target
  application or questionnaire has active advanced workflow jobs (or active advanced workflow
  jobs for the applicable level in a leveled application). You must complete all advanced workflow
  jobs before installing the package.
• All advanced workflows are installed as inactive. After installation, you should review the install
  logs for any errors and verify that the advanced workflow is configured correctly. Once you have
  validated the advanced workflow, then you should activate the workflow.
• If a package includes an advanced workflow, the following scenarios and behaviors apply:

| Target Application | Install Method | Install Option | Target Result |
| --- | --- | --- | --- |
| No advanced workflow exists | Create New Only | Override Layout | Advanced workflow is created. New layouts are created. Existing layouts (matched by system ID) are updated. New data driven events are created. Existing data driven events are not updated. |
| No advanced workflow exists | Create New Only | Do Not Override Layout | Advanced workflow is created. New layouts are created. Existing layouts (matched by system ID) are not updated. New data driven events are created. Existing data driven events are not updated. |
| No advanced workflow exists | Create New & Update | Override Layout | Advanced workflow is created. New layouts are created. Existing layouts (matched by system ID) are updated. New data driven events are created. Existing data driven events are updated. |
| No advanced workflow exists | Create New & Update | Do Not Override Layout | Advanced workflow is created. New layouts are created. Existing layouts (matched by system ID) are not updated. If you choose not to override the layout, you may need to make some manual updates to your existing layout so that it works with the advanced workflow. New data driven events are created. Existing data driven events are updated. |
| Advanced workflow exists | Create New Only | Override Layout | Advanced workflow is not installed. New layouts are created, but not associated with the existing advanced workflow. Existing layouts are updated, but not removed from any existing workflow nodes. New data driven events are created. Existing data driven events are not updated. |
| Advanced workflow exists | Create New Only | Do Not Override Layout | Advanced workflow is not installed. New layouts are created, but not associated with the existing advanced workflow. Existing layouts are not updated. New data driven events are created. Existing data driven events are not updated. |
| Advanced workflow exists | Create New & Update | Override Layout | Existing advanced workflow is replaced with the advanced workflow in the package. New layouts are created and associated with the advanced workflow as applicable. Existing layouts (matched by system ID) are updated but disassociated from workflow nodes. The existing layouts are still available and can be reapplied to a workflow node, but the workflow may require manual configuration to work correctly with the existing layout. New data driven events are created. Existing data driven events are updated. |
| Advanced workflow exists | Create New & Update | Do Not Override Layout | Existing advanced workflow is replaced with the advanced workflow in the package. New layouts are created and associated with the advanced workflow as applicable. Existing layouts (matched by system ID) are not updated. Any existing layout that does not exist in the package is disassociated from the workflow. The layout remains available and can be reapplied to a workflow node, but the workflow may require manual configuration to work correctly with the existing layout. New data driven events are created. Existing data driven events are updated. |

• If the package does not include an advanced workflow, the package installation does not delete or
  modify any existing advanced workflow settings in the target instance.


Audit fields
Packaging rules related to audit fields include:
• The Created By and Last Updated values for all elements created during the package installation
  are attributed to the user who installed the package.
• The Last Updated value for all elements that are updated during the package installation is
  attributed to the user who installed the package.

Calculations
The calculation order is retained from the source to the target. This rule is also true for calculation
order that can affect data driven events.

Data driven events


Packaging rules related to data driven events include:
• All rules in the package are installed regardless of association with any actions.
• All actions in the package are installed regardless of association with any rules.
• Existing rules and actions are not deleted by the package installation.
• Rule order is retained from the source to the target. This rule is also true for calculation order that
  can affect data driven events.
• If the package disassociates a link between a rule and an action, the association also is removed
  in the target instance.
• Rules related to Apply Conditional Layout actions include:
    o If you select the Override Layout option when installing a package, and the target instance
      includes Apply Conditional Layout actions that have different objects than specified in the
      package, the package installation removes the settings for the layout objects that are not
      applicable to the Apply Conditional Layout actions.
    o If you select the Do not Override Layout option when installing a package, and the package
      includes Apply Conditional Layout actions that assume a new layout is applied, the package
      installation removes the settings for the layout objects that are no longer applicable.

Default value
Packaging rules for default values abide by the following: if a new field is created with a default
value, or if a default value is added to an existing field, the existing content in the target instance is
not updated with the default value.

Documentation attachments
Packaging rules related to documentation attachments include:
• Packaging includes attachment files for objects that include a documentation attachment attribute
  in the configuration. These include:
    o Solutions documentation
    o Applications documentation
    o Questionnaires documentation
    o Workspaces documentation
    o Dashboards documentation
    o iViews documentation (for all iView types)
    o Mail Merge templates report template
• The user who installed the package is listed as the creator for the attachments.
• Existing file attachments are not deleted during the installation process.
• Attachments in the package are not matched but added to the target instance. If the attachment
  already exists in the target instance, a duplicate attachment is created.

Fields
Packaging rules related to fields include:
• All attributes of fields can be updated by the package installation, with the following exceptions:
    o Type
    o Created By
    o Key Field Designation
    o Related Module
    o Associated Values List
• An existing private field is not changed to a public field.


Filter criteria
Packaging rules for Filter Criteria include the following attributes that are updated during
installation:
• Values. If the system cannot map a Values List Value in the target instance, that item is removed
  from the Values field for the condition.
• Field to Evaluate. If the system cannot map the field in the target instance, the condition is
  migrated as a null condition.
• Condition Order Number
• Operator
• Relationship
• Advanced Operator Logic

Key fields
Packaging rules for Key Fields abide by the following condition: if the key field in the package is
different from the key field in the target instance, the target instance retains the same key field
attribute as before the installation.

Layouts
Packaging rules related to layouts include:
• The package installation process attempts to match all layouts in the package by system ID. The
  process ignores any layouts that do not match.
• You cannot map the default layout or map custom layouts to the default layout.
• You can map custom layouts to custom layouts (if they are not matched by system ID).
• If a layout is matched by system ID, you can map all layout objects on the matched layout.

Levels in applications
Packaging rules related to levels in applications include:
• Existing levels are not deleted by the package installation.
• The package installation cannot change a leveled application to a flat application.
• If the levels in the target instance are arranged in a different hierarchy than the levels in the
  package, the installation fails.

Mobile questionnaires
The mobile-ready flag of a mobile-ready questionnaire is turned off during the package installation
process.
To reset the questionnaire back to mobile ready, select the Mobile Ready option in the questionnaire
properties (Manage Questionnaires > questionnaire > General tab > Options section > Mobile
Ready) in the target instance after the installation is completed.

Personal reports
Packaging does not install personal reports during the package installation. To include personal
reports, promote the report to a global report before creating the package in the source instance.

Record permissions
Packaging rules related to record permissions include:
• User/Groups field population may be added to Record Permissions fields, but existing ones are
  not removed by the package installation.
• New inherited fields may be added, but existing ones are not removed by the package installation.
• If a User/Groups field in the target instance is configured as a Record Permissions field in the
  package, the package installation changes the field to the record permissions type.

Status fields
Packaging rules related to status fields include:
• If an existing application or questionnaire is updated, the current status in the target instance is
  not changed by the package installation.
• If the package creates a new application or questionnaire and there are not enough licenses, the
  new application or questionnaire is set to the Development status and a warning is logged.

Trending charts
You can add trending objects (fields and charts) to packages for migrating them to a target instance.


Certain rules apply when packaging trending objects. The main rule is if the trended field is not
added to the package, the layout object cannot be added to the package.
RSA Archer GRC uses the following rules when mapping trending objects, which are explained in
the following sections.

Trending rules - trending enabled

| Source | Target | Install Method | Layout | Target Result |
| --- | --- | --- | --- | --- |
| Yes | Yes | Create New and Update | Any | Trending enabled. |
| Yes | No | Create New and Update | Any | Trending enabled. |
| Yes | No | Create New Only | Any | Target field is not updated. |
| No | Yes | Create New and Update | Any | Trending enabled. |
| No | Yes | Create New Only | Any | Target field is not updated. |

Trending rules - duration period

| Source | Target | Install Method | Layout | Target Result |
| --- | --- | --- | --- | --- |
| Same as Target | Same as Source | Create New and Update | Any | No change; remains the same. |
| Shorter than Target | Longer than Source | Create New and Update | Any | Retains the duration period specified in the Target. |
| Longer than Target | Shorter than Source | Create New and Update | Any | Retains the duration period specified in the Source. |

Trending rules - referenced field


The following table demonstrates what occurs when:
• Trending is enabled or disabled for the field.
• Trended field is deleted.

| Source | Target | Install Method | Layout | Target Result |
| --- | --- | --- | --- | --- |
| Trending enabled | Trending enabled | Create New Only | Do Not Override Layout | Neither field is updated. |
| Trending enabled | Field different than the field from the Source instance. | Create New and Update | Do Not Override Layout | Target instance is updated to reference the field from the Source instance. |
| Trending enabled | Field different than the field from the Source instance. | Create New Only | Do Not Override Layout | Field exists in both places. The chart object is updated to reference the field in the Source instance. |
| Trending enabled | Field different than the field from the Source instance | Create New Only | Do Not Override Layout | Field does not exist in the Target instance. The field from the Source instance is created in the Target instance, and then referenced by the trending chart object in the Target instance. |
| Trending enabled | Trending enabled | Create New and Update | Do Not Override Layout | Target instance is updated with any trending chart properties that exist in the Source instance. The layout is not affected. |
| Trending enabled | Trending enabled | Create New and Update | Override Field | Target instance is updated with any trending chart properties that exist in the source. The position of the trending chart object on the application layout and the span properties are affected. |
| Trending enabled | Trending enabled | Create New Only | Override Layout | Position of the trending chart object on the application layout is affected. The field and trending chart object properties are not updated. |
| Trending enabled | Trending disabled | Create New Only | Override Layout | The following message is displayed: Package Install Successful. The trending chart cannot be created in the Target instance for the following reasons: • Referenced field is not trended. • The packaging operation does not enable trending in the Target instance when Create New Only is selected. |
| Trending enabled | Trending disabled | Create New and Update | Override Layout | Trending chart object and referenced field are created in the Target instance. Application layout matches the Source instance. Field in the Target instance is trending-enabled, and the associated trending chart is created in the Target instance. |
| Trending enabled | Field deleted | Create New Only | Do Not Override Layout | Trending chart object and referenced field are created in the Target instance. Application layout is not overridden. |
| Trending enabled | Field deleted | Create New and Update | Do Not Override Layout | Trending chart object and referenced field are created in the target. Application layout is not overridden. |

Trending rules - trending chart objects


The following table demonstrates what occurs when the trending object (field or chart) or
placeholder object is added to the layout.

| Source | Target | Install Method | Layout | Target Result |
| --- | --- | --- | --- | --- |
| Trending object on layout | Trending object on layout | Create New Only | Do Not Override Layout | Neither field is updated. |
| Trending object on layout | Trending object on layout | Create New and Update | Do Not Override Layout | Target instance is updated to reference the field from the Source instance. |
| Trending object on layout | Trending object on layout | Create New Only | Do Not Override Layout | Referenced field exists in both places and maps. The trending object is updated to reference the field in the Source instance. |
| Trending object on layout | Trending object on layout | Create New Only | Do Not Override Layout | Referenced field does not exist in the Target instance. The field from the Source instance is created in the Target instance, and then referenced by the trending object in the Target instance. |
| Trending object on layout | Trending object on layout | Create New and Update | Do Not Override Layout | Target instance is updated with any trending chart properties that exist in the Source instance. The application layout is not changed. |
| Trending object on layout | Trending object on layout | Create New and Update | Override Layout | Target instance is updated with any trending chart properties that exist in the Source instance. The position of the trending object on the application layout and the span properties are updated to match the Source instance. |
| Trending object on layout | Trending object on layout | Create New Only | Override Layout | Position of the trending object on the application layout is updated. The field and trending object properties are not updated. |
| Trending object on layout | Placeholder on layout | Create New Only | Override Layout | The following message is displayed: Package Install Successful. The trending chart cannot be created in the Target instance for the following reasons: • Referenced field is not trended. • Packaging operation does not enable trending in the Target instance when Create New Only is selected. |
| Trending object on layout | Placeholder on layout | Create New and Update | Override Layout | Trending object and referenced field are created in the Target instance. Application layout matches the Source instance. Field in the Target instance is trending-enabled, and the associated trending chart is created in the Target instance. |
| Trending object on layout | Placeholder on layout | Create New Only | Do Not Override Layout | Trending object and referenced field are created in the Target instance. Application layout is not overridden. |
| Trending object on layout | Placeholder on layout | Create New and Update | Do Not Override Layout | Trending object and referenced field are created in the target. Application layout is not overridden. |

Users and groups


Packaging rules related to users and groups include:
• The package installation process attempts to match all users in the package by user name and
  domain. The process ignores any users that do not match.
• The package installation process attempts to match all groups in the package by system ID. If no
  matches are found, the process then attempts to match groups by group name and domain. The
  process ignores any groups that do not match.
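
The matching order described above for users and groups, modeled as an added example (not RSA code and not the package file format, which this guide does not describe). The Group and User records, their IDs, the per-group fallback, and the case-insensitive name comparison are assumptions; the result shows which package groups would bind by system ID, which only by name and domain, and which would be ignored.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Group:
    system_id: str  # constructed value; real system IDs come from the instance
    name: str
    domain: str


@dataclass(frozen=True)
class User:
    user_name: str
    domain: str


def norm_key(name, domain):
    # Assumption: names and domains are compared case-insensitively.
    return (name.strip().lower(), domain.strip().lower())


def match_groups(package_groups, target_groups):
    """Pass 1: system ID. Pass 2: group name and domain. Otherwise ignored.

    Returns {package system_id: (how, matched target Group or None)}.
    """
    by_id = {g.system_id: g for g in target_groups}
    by_name = {norm_key(g.name, g.domain): g for g in target_groups}
    result = {}
    for g in package_groups:
        key = norm_key(g.name, g.domain)
        if g.system_id in by_id:
            result[g.system_id] = ("system_id", by_id[g.system_id])
        elif key in by_name:
            result[g.system_id] = ("name_and_domain", by_name[key])
        else:
            result[g.system_id] = ("ignored", None)
    return result


def match_users(package_users, target_users):
    """Users are matched by user name and domain only; the rest are ignored."""
    known = {norm_key(u.user_name, u.domain) for u in target_users}
    matched = [u for u in package_users if norm_key(u.user_name, u.domain) in known]
    ignored = [u for u in package_users if norm_key(u.user_name, u.domain) not in known]
    return matched, ignored


def fallback_matches(group_result):
    """Package groups that bound to a target group by name, not by system ID.

    These are the matches to read before installing: the package group and
    the target group share a name and domain but were created separately.
    """
    return sorted(sid for sid, (how, _) in group_result.items()
                  if how == "name_and_domain")


# Constructed sample data (IDs, names and domains are made up).
TARGET_GROUPS = [
    Group("T-100", "GRC Admins", "corp"),
    Group("T-200", "Auditors", "corp"),
]
PACKAGE_GROUPS = [
    Group("T-100", "Platform Admins", "corp"),  # same system ID, renamed
    Group("S-900", "auditors", "CORP"),         # new ID, same name and domain
    Group("S-901", "Contractors", "corp"),      # no match in the target
]
TARGET_USERS = [User("JDoe", "CORP")]
PACKAGE_USERS = [User("jdoe", "corp"), User("asmith", "partner")]

if __name__ == "__main__":
    groups = match_groups(PACKAGE_GROUPS, TARGET_GROUPS)
    for sid, (how, target) in groups.items():
        print(sid, how, target.name if target else "-")
    print("review before install:", fallback_matches(groups))
    print("users (matched, ignored):", match_users(PACKAGE_USERS, TARGET_USERS))
```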


Values lists
Packaging rules related to values lists, which may include global values lists, questionnaire values
lists, or custom values lists, include:
• If a global values list in the package file matches a custom values list in the target instance, the
  custom values list is promoted to a global values list during installation. However, the opposite is
  not true. A global values list in the target instance is not demoted to a custom values list during
  installation.
• The following values list values attributes are not updated if settings already exist in the target
  instance:
    o Height
    o Default text
• In custom ordered values lists, new values are added to the end of the list.

Workflow
Packaging rules related to workflow include:
• If a package includes workflow settings, all workflow settings from the package are installed on
the target instance and the prior workflow settings are overwritten. However, if you select the
Create New Only option when installing a package and at least one stage already exists in the
target instance, the package installation does not make any changes to the existing workflow
settings. If no workflow stages have been defined in the target instance, and you select the Create
New Only option, the package installation updates all workflow settings as specified in the
package.

• If the package does not include any workflow settings, the package installation does not delete or
modify any existing workflow settings in the target instance.

• Any records in a workflow stage that is deleted by the package installation are routed to the start
point of the workflow process.

Before You Begin


Packaging is a complex process and makes permanent changes to your system, so you must be
aware of certain factors and considerations before you begin. Review the following sections.

Database back up and recovery


There is no Undo function for a package installation. Because packaging is a powerful feature that
can make significant changes to an instance, RSA strongly recommends backing up the instance
database before installing a package. This process enables a full restoration if necessary.
An alternate method for undoing a package installation is to create a package of the affected objects
in the target instance before installing the new package. This package provides a snapshot of the
instance before the new package is installed, which can be used to help undo the changes made by
the package installation. New objects created by the package installation must be manually deleted.

Packaging impact on system performance


System performance may vary based on the size of package files. A large number of cross-reference
fields and questionnaires can affect system performance.
Advanced Package Mapping requires a considerable amount of memory, which can result in loss of
data input and IE errors when working with large applications.

Package file size

If the modules in a package contain cross-reference fields, the package file includes additional data
to ensure that the cross references are properly maintained. As a result, package files can get very
large. Because a questionnaire contains cross-references to the Findings application, and the
Findings application references other applications, a package file that includes even a single
questionnaire can become very large. Large package files can slow the performance of the
installation process.
To optimize performance for packaging, increase the RAM on the servers.

Virtual memory size

The page file settings on the server running RSA Archer Services can have a significant impact on
performance. If the size of the page file is too small for all current processes, the system generates
an out-of-memory error that can result in a loss of functionality or unexpected results.
Installing a large package file is one scenario that can cause this condition. The resolution is to
modify the virtual memory settings on the operating system to provide more resources to the RSA
Archer Services. RSA recommends configuring the operating system to automatically manage the
paging file size for all drives.
This setting is found in the System Properties > Performance Options > Virtual Memory dialog box.

When you select Automatically manage paging file size for all drives, the operating system
automatically takes steps during resource-intensive activities to protect itself from running out of
memory.
If the server in your organization is configured with a fixed size for the paging file, you can still help
prevent out-of-memory errors by configuring the system to manage paging file sizes on other drives.
Otherwise, if the page file is fixed, the system can incur out-of-memory errors during resource-
intensive activities.

Packaging rules
The Packaging process requires a large number of rules and logic to determine how the individual
elements in applications and questionnaires are migrated from one instance of RSA Archer GRC to
another. In general, Packaging does not delete objects or permission settings. It only adds new or
updates existing objects and permission settings. Exceptions include layout and workflow, in which
packaging replaces the existing settings.
See Packaging Rules for additional rules and logic.

Installing packages from previous versions


Version 5.2 of RSA Archer GRC added support for additional objects, including workspaces,
dashboards, iViews, notifications, and mail merge templates.

If the package was created on a version prior to 5.2, these objects are not included in the package
file and are not installed.

Installing a translated language to another instance


You must use the package functionality in RSA Archer GRC to install a translated language to
another RSA Archer GRC instance. You can install a translated language for any of the following
individual RSA Archer objects:
• Applications

• Questionnaires

• Workspaces

• Dashboards

The RSA Archer GRC versions of the source instance and the target instance affect the kind of
package installation you will use because of the existence of Global Unique Identifiers (GUIDs) for
objects and any dependencies, for example sub-forms, that are present in the instances. The
installation of the translation language can succeed only when the GUIDs match in both instances.
If you intend to install a translated language from a source instance that has been upgraded from a
previous version to RSA Archer GRC version 5.5 Service Pack 2 into a target instance that has also
been upgraded, then the GUIDs do not match between the instances. To ensure that the installation
succeeds, you must select Full Install as the translation option for the package rather than
Translation-only. A full installation of the package synchronizes the GUIDs for objects and their
dependencies in both instances, whereas Translation-only does not.

Licensing issues
When installing a package with a core module into a target instance in which it does not exist
currently, that core module must be licensed prior to the package installation in the target instance.
The package installation verifies that core solutions and applications are licensed on the target
instance. If the target instance does not have the proper licenses, the objects are not installed and
errors are logged to the Package Log file. In some cases, the package installation generates errors
when installing packages that contain core applications that are properly licensed but have not yet
been installed on the target instance.
The resolution is to reapply the license key after the package installation and then install the package
again.

How system ID mismatches occur


System ID mismatches occur when a user manually creates an object in the source instance and then
manually re-creates the same object in another instance. Because system IDs are assigned randomly
to objects when they are created, the system IDs of each of these objects will be different.
Because system ID mismatches occur when the same object is manually created in multiple
instances, the simplest way to avoid system ID mismatches is to use Packaging to copy all changes
from one instance to another.

Using packaging with recommended development environments


The recommended development environment consists of three instances of RSA Archer GRC:
1. Development

2. Test

3. Production
When making changes to RSA Archer GRC, the typical workflow involves first building the changes
in the development instance, copying them to the test instance for testing and verification, and then
copying them to the production instance.
Instead of manually re-creating the objects in each instance, Packaging can efficiently apply the
changes to each instance.
Ideally, each of these instances would contain the same database. However, in larger organizations
or organizations with strict security policies, the development and test instances have test databases
with a smaller set of example data. As a result, some tests cannot be fully validated until the objects
are moved from the test to the production instances.

Authoritative source and control standard references


Authoritative Source and Control Standard references may be added, but existing ones are not
removed by the package installation.

Creating Packages
This process creates the package and the package description, generates the package file, and
downloads the package file to a location accessible by the target instance.

Step 1: Create the package definition


A package is a collection of settings that define the components that you want to migrate. Once the
package is defined, it can be generated into a package file.

Note: To create a copy of an application in the same instance of RSA Archer GRC, create a new
application and select the option to create a copy of an existing application.

1. Go to the Manage Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Packages.

2. Click Add New and do one of the following:

• To create a new package, click Create a new Package from scratch.

• To create a package from an existing package, click Copy an existing Package and select the
package you want to copy.

3. Click OK.

4. In the General Information section, enter the name and description of the package.

5. Click Apply.

Step 2: Add components to the package definition

1. Go to the package you want to update.

a. From the menu bar, click .

b. Under Application Builder, click Packages.

c. Select the package you want to update, and go to the Components section.

2. In the Components section, review the list of applications, questionnaires, dashboards,
workspaces, or access roles currently included in the package.

3. To add a new component, click Lookup.

4. On the Applications tab, select the applications that you want to include in the package.

Note: Unlicensed applications are not available for packaging.

5. On the Questionnaires tab, select the questionnaires that you want to include in the package.

6. On the Workspaces tab, select the workspaces that you want to include in the package.

7. On the Dashboards tab, select the dashboards that you want to include in the package.

8. On the Access Roles tab, select the access roles that you want to include in the package.

9. Click OK.

Note: The components that you selected for the package are displayed in the Components
section.

10. Click Save.

Note: The package is displayed in the Packages list. The date in the Last Updated column
indicates when the package was last updated. The date in the Last Generated column, if present,
indicates when the package file was last generated.

Step 3: Generate the package file


When you generate a package, RSA Archer GRC creates a package file using the most current
information in the instance of RSA Archer GRC.

1. Go to the Manage Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Packages.

2. Locate the package in the list that you want to generate and review the date listed in the Last
Updated column.

The Last Updated column indicates when the package was last modified. Any changes that were
made to the source instance of RSA Archer GRC after this date are not reflected in the package.

3. Review the date listed in the Last Generated column.

The date in the Last Generated column indicates when the package file was generated. If the
field is blank, the package has not been generated and a package file has not been created. If a
date is listed, but does not match the date in the Last Updated column, the package file may be
out of date. You may need to generate the package again to ensure that any recent changes to the
package are reflected in the package file.

4. To generate the package and a new package file, click Generate for the package that you want
to generate.

The Generate Package File process is queued into the asynchronous job engine. The job may or
may not run immediately, depending on the jobs currently queued in the job engine. By default,
the generated package file is stored in the file repository.

Note: After a package file is generated, it is not automatically updated. If any changes are
subsequently made to the source instance, you will need to generate a new package file to ensure
that the information in the package file is current.

Step 4: Download the package file


To download a package that was imported on a target instance, click Install Packages and click
Download for the package.

1. Go to the package that you want to download.

a. From the menu bar, click .

b. Under Application Builder, click Manage Packages.

2. In the Last Updated column, review the date listed.

3. In the Last Generated column, review the date listed.

4. Click Download and select a folder in which to save the package file.

Note: Be sure to save the file in a location that is accessible to the RSA Archer GRC
administrator of the instance who plans to import the package file.

Installing Packages
Package installation includes importing the package, mapping objects, and installing the package.
During this process, mapping and installation logs are created.

Note: When installing a package with a core module into a target instance in which it does not exist
currently, that core module must be licensed prior to the package installation in the target instance.

Install package process

Install a package
1. On the destination instance of RSA Archer GRC, back up the instance database.

2. Import the package file. Once imported, the package file is available for installation.

3. Map the objects in the package file. All objects in the package or only the ones selected during
the package installation can be installed on the target instance. The elements of the objects being
installed can be created only, or created and updated on the target instance. Additionally,
existing layout settings can be overridden in the target instance.

4. Install the package file. At this time, the objects in the package file are migrated to the current
instance. The system generates the Package Installation Log.

5. Review the Package Installation Log.

Backing Up Your Database


There is no Undo function for a package installation. Because packaging is a powerful feature that
can make significant changes to an instance, RSA strongly recommends backing up the instance
database before installing a package. This process enables a full restoration if necessary.
An alternate method for undoing a package installation is to create a package of the affected objects
in the target instance before installing the new package. This package provides a snapshot of the
instance before the new package is installed, which can be used to help undo the changes made by
the package installation. New objects created by the package installation must be manually deleted.

Importing Packages
Before you can install a package file, you must import it to your instance of RSA Archer GRC. You
create the package file on the source instance of RSA Archer GRC using the Manage Packages
feature.

Import a package

1. Go to the Install Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

2. In the Available Packages section, locate the package file that you want to install and click
Install.

3. Click Add New, then locate and select the package file that you want to import.

4. Click OK.
The package file is displayed in the Available Packages section and is ready for installation.

Note: Only the package file has been imported; you must install the package file to migrate the
components to your instance of RSA Archer GRC.

Mapping Objects
Advanced Package Mapping enables you to review and modify how individual objects are mapped
from the source instance to the target instance.

During the package installation, if the system ID of an object in the source package does not match
any system IDs in the target instance, the process creates a new object. However, in some cases,
the object may already exist in the target instance, but with a different system ID. In this case, the
package installation creates a new object, and if the object name is the same in the source as it is in
the target instance, a number will be appended to the new object in the target. For example, if a field
called "First Name" exists in both the source and target instances and the system IDs do not match,
the process creates a new field called "First Name (1)" in the target instance with all of the
attributes of the field in the source instance. In this case, you do not want the package installation to
create a new object.
Using Advanced Package Mapping, you can change the system ID of an object in the target instance
so that it matches the system ID of an object in the source package. When the system IDs match,
packaging updates the intended objects instead of creating new, duplicate objects.

Mapping object process

Mapping objects does not change the target instance. Elements of objects can only be updated
through the package installation. Objects in the source instance are merged with objects in the target
instance. Elements of objects in the target instance can be created, or created and updated, and
layouts can be overridden during the installation process.

Note: An exception is data driven event (DDE) notifications. Recipients in the source instance
replace the recipients in the target instance.

Mapping objects is extremely important to ensure that duplicate objects are not created in the target
instance and that all objects in the target instance match the intended objects from the source
instance. If objects are not mapped properly, unintended consequences will occur in the target
instance. For example, changing the system ID of a field can adversely affect any data feeds or
calculations that use this field. These issues can be difficult to identify and remedy later. Always
back up the instance database before importing and installing a package.
When a root object includes level 1 and level 2 objects, it is vital that the object is mapped to its
lowest level. Some level 1 and level 2 objects also have child elements and dependencies. These
elements must also be mapped. Map the child elements before mapping the parent object.

Mapping process rules


When mapping objects, the Advanced Package Mapping process follows these rules:
• Does not change the system ID of objects that were mapped by the system.

• Does not change the system ID of system-protected objects.

• Does not change the system ID of objects in which Do Not Map was selected by the user.

• Only maps to objects of the same type. For example, you cannot map a Text field to a Date field
or a custom Values List to a Global Values List.

Important considerations

• Advanced Package Mapping requires a considerable amount of memory, which can result in loss
of data input and IE errors when working with large applications. System performance may vary
based on the size of package files. To optimize your system for packaging, RSA recommends
upgrading to Silverlight 5.06 for those users who perform the role of packaging administrator.

• Advanced Package Mapping can create unintended consequences on the instance. For example,
changing the system ID of a field can adversely affect any data feeds or calculations that use the
field, and these issues can be difficult to identify and remedy later. Before executing the mapping
process, back up your database.

• Advanced Package Mapping does not update data feeds and Web APIs. Modifying the system ID
of an object used by a data feed or Web API will break the relationship with the object. The data
feed or Web Service API will no longer function properly. The resolution is to update the data
feeds and Web Service APIs to reference the new system IDs of those objects.

• During the mapping process, you may discover discrepancies in the data, such as unwanted
objects in the source or target instance. Before installing the package, RSA recommends fixing
any discrepancies in the source or target instances, then re-creating the package. Otherwise, any
data discrepancies will be retained after the package installation.

• When mapping larger packages, RSA recommends dividing the mapping process into multiple,
smaller portions, rather than mapping and executing all of the changes at one time. You can use
the Export Mapping Settings and Import Mapping Settings features to save and load mapping
settings if needed. However, do not install the package until you have completed the entire
mapping process.

Map objects

1. Go to the Available Packages tab of the Install Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

c. Click the Available Packages tab.

2. In the Available Packages section, select the package you want to map.

3. In the Actions column, click for that package.


The analyzer runs and examines the information in the package. The analyzer automatically
matches the system IDs of the objects in the package with the objects in the target instances and
identifies objects from the package that are successfully mapped to objects in the target instance,
objects that are new or exist but are not mapped, and objects that do not exist (the object is in the
target but not in the source).

Note: This process can take several minutes or more, especially if the package is large, and may
time out after 60 minutes. This time-out setting temporarily overrides any IIS time-out settings
set to less than 60 minutes.

When the analyzer is complete, the Advanced Package Mapping page lists the objects in the
package file and corresponding objects in the target instance. The objects are divided into tabs,
depending on whether they are found within Applications, Solutions, Access Roles, Groups, Sub-
forms, or Questionnaires.

4. On each tab of the Advanced Mapping Page, review the icons that are displayed next to each
object name to determine which objects require you to map them manually.

Icon name | Description

Awaiting Mapping Review | Indicates that the system could not automatically match the object or children of the object to a corresponding object in the target instance. Objects marked with this symbol must be mapped manually through the mapping process. New objects should not be mapped. This icon should remain visible. The mapping process can proceed without mapping all the objects.

Mapping Completed | Indicates that the object and all child objects are mapped to an object in the target instance. Nothing more needs to be done with these objects in Advanced Package Mapping.

Do Not Map | Indicates that the object does not exist in the target instance or the object was not mapped through the Do Not Map option. These objects will not be mapped through Advanced Package Mapping, and must be remedied manually.

Undo | Indicates that a mapped object can be unmapped. This icon is displayed in the Actions column of a mapped object or object flagged as Do Not Map.

5. Note: You can execute the mapping process without mapping all the objects. The icon is
for informational purposes only.

6. For each object that requires remediation, do one of the following:

• To map each item individually, on the Target column, select the object in the target instance
to which you want to map the source object. If an object is new or if you do not want to map
an object, select Do Not Map from the drop-down list.
Important: Ensure that you map all objects to their lowest level. When objects have child or
related objects, a drill-down link is provided on the parent object. Child objects must be
mapped before parent objects are mapped. For more details, see Parent/Child Object
Mapping.

• To automatically map all objects in a tab that have different system IDs but the same object
name as an object in the target instance, do the following:

a. In the toolbar, click Auto Map.

b. Select an option for mapping objects by name.

Option | Description

Ignore case | Select this option to match objects with similar names regardless of the case of the characters in the object names.

Ignore spaces | Select this option to match objects with similar names regardless of whether spaces exist in the object names.

c. Click OK.
The Confirmation dialog box opens with the total number of mappings performed. These
mappings have not been committed to the database yet and can be modified in the
Advanced Package Mapping page.

d. Click OK.

• To set all objects in the tab to Do Not Map, in the toolbar, click Do Not Map.

Note: To undo the mapping settings for any individual object, click in the Actions column.

When all objects are mapped, the icon is displayed in the tab title. The icon is displayed
next to the object to indicate that the object will not be mapped.

7. Verify that all other objects are mapped correctly.

8. (Optional) To save your mapping settings so that you can resume working later, see Exporting
and Importing Mapping Settings.

9. Once you have reviewed and mapped all objects, click .

10. Select I understand the implications of performing this operation and click OK.
The Advanced Package Mapping process updates the system IDs of the objects in the target
instance as defined on the Advanced Package Mapping page. When the mapping is complete, the
Import and Install Packages page is displayed.

Important: Advanced Package Mapping modifies the system IDs in the target instance. Any
Data Feeds and Web Service APIs that use these objects will need to be updated with the new
system IDs.
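The matching behaviour described in this section (update on a system ID match, the "First Name (1)" duplicate, same-type-only mapping, and the Auto Map name options) can be rehearsed offline on an object inventory before a mapping is committed. The following Python model is an added illustration, not RSA code; the Obj record, the IDs, and both object lists are constructed, and it applies only the rules stated above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    system_id: str  # constructed placeholder, not a real Archer system ID
    name: str
    kind: str       # object type, e.g. "Text field"


def normalise(name, ignore_case, ignore_spaces):
    """Apply the two Auto Map name options (Ignore case, Ignore spaces)."""
    if ignore_case:
        name = name.casefold()
    if ignore_spaces:
        name = "".join(name.split())
    return name


def plan_install(source, target, ignore_case=False, ignore_spaces=False):
    """Classify each source object before any mapping is committed."""
    target_by_id = {t.system_id: t for t in target}
    source_ids = {s.system_id for s in source}
    # Target objects already paired by system ID are not name-match candidates.
    free_targets = [t for t in target if t.system_id not in source_ids]
    rows = []
    for s in source:
        row = {"source": s.name, "action": "new",
               "candidate": None, "duplicate_name": None}
        if s.system_id in target_by_id:
            # System IDs match: the install updates the existing object.
            row.update(action="update", candidate=target_by_id[s.system_id].name)
            rows.append(row)
            continue
        key = normalise(s.name, ignore_case, ignore_spaces)
        named = [t for t in free_targets
                 if normalise(t.name, ignore_case, ignore_spaces) == key]
        same_kind = [t for t in named if t.kind == s.kind]
        if len(same_kind) == 1:
            row.update(action="map-candidate", candidate=same_kind[0].name)
        elif len(same_kind) > 1:
            row.update(action="ambiguous")  # needs manual review
        elif named:
            # Mapping is only allowed between objects of the same type.
            row.update(action="type-conflict", candidate=named[0].name)
        if any(t.name == s.name for t in same_kind):
            # Left unmapped, an identical name yields the numbered duplicate.
            row["duplicate_name"] = f"{s.name} (1)"
        rows.append(row)
    return rows


# Constructed inventories for the source package and the target instance.
SOURCE = [
    Obj("src-0001", "First Name", "Text field"),
    Obj("src-0002", "Due Date", "Date field"),
    Obj("src-0003", "Status", "Custom Values List"),
    Obj("shared-0004", "Owner", "Text field"),
    Obj("src-0005", "Risk Rating", "Text field"),
]
TARGET = [
    Obj("tgt-0101", "First Name", "Text field"),
    Obj("tgt-0102", "due date", "Date field"),
    Obj("tgt-0103", "Status", "Global Values List"),
    Obj("shared-0004", "Record Owner", "Text field"),
]

if __name__ == "__main__":
    for r in plan_install(SOURCE, TARGET, ignore_case=True, ignore_spaces=True):
        print(f'{r["source"]:<12} {r["action"]:<14} '
              f'candidate={r["candidate"]!r} duplicate={r["duplicate_name"]!r}')
```

Rows reported as map-candidate are the ones that produce duplicates if the package is installed without mapping them; type-conflict rows have to be fixed in the source or target instance first.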

Parent and Child Object Mapping

When mapping objects in a package, it is very important to map every object to its lowest level. On
the Advanced Package Mapping page for a package, when objects have child or related objects, a
drill-down link is provided on the parent object. Child objects must be mapped before parent objects
are mapped.

The following icons, located in the Actions column of a child object, identify whether these child
objects are mapped correctly.

Button Description

Indicates that the object and all child objects are mapped to an object in the target
instance. Nothing more needs to be done with these objects in Advanced Package
Mapping.

Indicates that the system could not automatically match the object or children of the
object to a corresponding object in the target instance.
Objects marked with this symbol must be mapped manually through the mapping
process.
New objects should not be mapped. This icon should remain visible. The mapping
process can proceed without mapping all the objects.

Child elements and dependencies for each root object


The following figures show the child elements and dependencies that may need to be mapped for
each type of root object.

[Figures not reproduced: Applications; Questionnaires; Sub-forms; Other root objects]

Mapping child objects in fields


You should also verify that all of the child elements are mapped correctly in the following field
types.

Field Type | Remediation

Global Values Lists | Verify that the Global Values Lists (GVLs) match across the source and target instances. If the package changes or removes existing values in a GVL, verify that these changes do not adversely impact other objects or features that use the same GVL. Note that this is not a concern when values are added to a GVL.

Cross-Reference | Verify that the relationships match between the source and target instances for cross-reference fields. It is possible to map a cross-reference field to a different module, thus creating error situations after package install.

Sub-form | Verify that the sub-form fields map to the same sub-form in both the source and target instances.

Matrix | Verify that the values lists referenced by the matrix field match in both the source and target instances.

CAST | Verify that the child objects match in both the source and target instances. This mapping includes the associated application, application level, and values list fields.

Mapping values lists


Values Lists can be confusing to map. The differences between the three components are:
• Values List field. The field in the application that contains the values list.

• Values List. A field-specific (custom) values list, a global values list, or a questionnaire values
list.

• Values List values. The items within the values list.

Consider the following points when you map these components:

• When mapping values lists, be sure to map the values list field, the values list, and the values list
values. If you do not map all three components, you may have unexpected results that can be
difficult to remedy.
If you map only a values list field and not the associated values list and values list values,
Packaging does not create a new values list for that field and a warning message is logged.
Anything associated with that values list, such as calculations or data driven events, may not
function properly until the values list values are added.
If you map a values list field and its associated values list, but none of the values list values,
Packaging either updates the existing or creates new values list values under that values list. This
process can potentially create duplicate values. Anything already associated with the values list,
such as calculations or data driven events, is changed to point to the new, duplicate values.

• You cannot map to different types of values list components. For example, you cannot map a
custom values list to a global values list. In the rare instance in which you may want to map to a
different type, RSA recommends that you update the object in either the source or target instance
so that the objects match. After making the updates, regenerate the package.

Note: These recommendations also apply to the values lists in matrix fields.

Exporting and Importing Mapping Settings

Mapping objects can be an involved process that takes time to complete. To ensure mappings are not
lost prior to completing the process, Advanced Package Mapping includes Export and Import
functions.
The Export function saves the current mappings to a .csv file. When exporting and naming this file, it
is important to use a detailed, logical filename. This .csv file is exported to a designated location.
The Import function imports the saved mapping file so that the mappings can be completed.

Export mapping settings


Complete this task to export mapping settings to a .csv file for the purpose of saving them. You can
then import the file at a later time to resume working.

Note: To export mapping settings you must have update rights to the Install Packages page.

1. Go to the Available Packages tab of the Install Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

c. Click the Available Packages tab.

2. In the Available Packages section, select the package.

3. In the Actions column, click for that package.

4. Map the objects as needed.

5. To export the settings, click in the title bar.

6. Enter a file name and location, and click Save.

Important: Use a descriptive file name to ensure that you do not make any mistakes later when
importing the file.


Import mapping settings


Complete this task to import mapping settings that were previously exported to a file.

Note: To import mapping settings, you must be a user with update rights to the Install Packages
page.

1. Go to the Available Packages tab of the Advanced Package Mapping page.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

c. Click the Available Packages tab.

2. Locate the package that you want to map.

3. In the Actions column, click for that package.

4. Click in the title bar.

5. Select one of the following options:

| Option | Description |
|---|---|
| Override All | Replaces all current mapping settings with the settings in the file |
| Add New | Retains the current settings and adds only the new settings from the file |
| Add New/Override Existing | Adds new settings, retains current settings, and overrides any current settings with the settings in the file |

6. Click OK.

7. Select the file to import, and click Open.


The mapping settings are imported and displayed on the Advanced Package Mapping page.

Undoing Package Mapping

Advanced Package Mapping includes an Undo feature for rolling back the mapping of objects. This
option is available from the Package Mapping Log. The Undo Mapping Changes feature only reverts
the mapping of the object. It does not undo the package installation. To undo a package installation,
restore the backup of the database.
Complete this task to undo changes made to system IDs during the Package Mapping process. The
following objects are not affected:

- System mapped objects.
- Objects where no Target selections exist.

Before you begin


Back up your instance database.

Undo package mapping

1. Select the Package that contains changes that you want to undo.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

c. Click the Package Mapping Log tab.

d. Select the package.

2. On the Package Mapping Log page, click Undo Mapping Changes.

3. Select the objects that you want to undo. To select all mappings, click Undo All Mappings.

4. Click OK.

5. In the warning dialog, click OK.


When the mapping is complete, the Import and Install Packages page is displayed. A new entry
is displayed in the Package Mapping Log section with Undo in the Type column.

Exporting a Package Mapping Log for Review

The package mapping process creates a log describing the changes made to the objects in the target
instance. Complete this task to view the Package Mapping log on the Package Mapping Log page or
export a .csv file for review.

Package mapping log messages

| Log Message | Description |
|---|---|
| The update failed due to a unique constraint violation. | The mapping process attempted to change a system ID to one that is already in use by another object. Two objects of the same type cannot have the same system ID. |
| The target object was updated successfully. | The object mapped from the source instance to the target instance was successfully updated in the target instance. |
| The object you attempted to update does not exist. | The object no longer exists. It may have been inadvertently deleted in the time between mapping the object and executing the mapping changes. |
| The event rule order was changed for this level. | The sequential order of the DDE rule was changed in the target instance. |
| The field calculation order was changed for this level. | The sequential order of the field calculation was changed in the target instance. |

Review the package mapping log

1. Go to the Import and Install Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

2. In the Package Mapping Log section, click the package that you want to view.

3. To export the report to a .csv file, click in the Action toolbar.

Installing Packages
Complete this task to install a package after you have imported the package file. You can queue
multiple packages; however, RSA Archer GRC installs only one package at a time.
When installing a package with a core module into a target instance in which it does not currently
exist, that core module must be licensed prior to the package installation in the target instance.

Important: Ensure that you have backed up your database before beginning this procedure. The
package installation cannot be reversed. The only way to reverse a package installation is to restore
the RSA Archer GRC database backup.

The Install Package process is queued into the asynchronous job engine. This job may or may not
run immediately, depending on the jobs currently queued in the job engine. The Install Package
process impersonates the user who runs the install, so any objects modified or created during the
package installation will be associated with that user.


Objects are installed in the following order:

1. Applications (and levels of the application)

2. Questionnaires

3. Sub-forms

4. Folders

5. Questionnaire values lists

6. Question filter properties

7. Fields

8. Reports

9. Layout

10. Navigation Menu items

11. Calculation formulas

12. Letterhead templates

13. Notifications

14. Workflows

15. Data Driven Event actions

16. Data Driven Event rules

17. Questionnaire campaigns

18. Questionnaire show/hide rules

19. iViews

20. Dashboards

21. Workspaces

22. Access Roles

All objects from the source instance are installed in the target instance unless the object cannot be
found or is flagged to not be installed in the target instance. A list of conditions that may cause
objects not to be installed is provided in the Log Messages section. A log entry is displayed in the
Package Installation Log section.


Install a package
If installing a package that contains Record Permissions fields, verify that users and groups already
exist in the target instance. If they do not, these fields may not install properly. If necessary, create
the users and groups in the target instance before installing the package.

1. Go to the Install Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

2. In the Available Packages section, locate the package file that you want to install, and click
Install.

3. Under Configuration, select the components of the package that you want to install.

4. Under Install Method, select an option for each selected component:

| Option | Description |
|---|---|
| Create New Only | Only creates new fields and other elements in the applications, questionnaires, workspaces, and dashboards specified in the package file. This option does not modify any existing elements on your instance of RSA Archer GRC. This is useful when you want to add functionality to an existing application, questionnaire, workspace, dashboard, or access role, but you do not want to risk making any unwanted changes to the existing elements of the applications, questionnaires, workspaces, or dashboards. iViews that are not currently on the dashboards that are selected for the package install are created. |
| Create New and Update | Updates all elements in the applications, questionnaires, workspaces, and dashboards as specified in the package file. This includes adding new elements and updating existing elements. Existing iViews on the dashboards that are selected for the package install are updated, and iViews that are not currently on the dashboards that are selected for the package install are created. |

5. Under Layout, select an option for each selected component:

| Option | Description |
|---|---|
| Do not Override Layout | Installs the component, but does not change the existing layout. This is useful if you have a lot of custom fields and formatting in your layout that you do not want to risk losing. You may have to modify the layout after installing the package to use the changes made by the package. |
| Override Layout | Updates the layout as specified in the package file, overwriting the existing layout. |

6. Click Install.

7. Click OK.

Reviewing the Package Installation Log


When a package is installed, RSA Archer GRC saves a log file documenting the installation. A log
file is generated for all installations, both successful and unsuccessful. By default, this log file is
located in the Logs folder designated during the RSA Archer GRC installation, for example,
C:\Program Files\RSA Archer\Logs.

Review the package installation log

1. Go to the Package Installation Log tab of the Install Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Install Packages.

c. Click the Package Installation Log tab.

2. Click the package that you want to view.

3. In the Package Installation Log page, in the Object Details section, click View All Warnings.
The types of messages are:
- Failures cause the installation to quit.
  - Catastrophic failure. A global failure that stopped the installation and rolled back all updates.
  - Minor failure. A particular object failed to install.

Failure messages

| Message Type | Description |
|---|---|
| Catastrophic Failure | Package installation failed. Unable to save <application or questionnaire name> <level name>. |
| Catastrophic Failure | Package installation failed. Unable to save <application or questionnaire name>. No solutions available for the questionnaire. |
| Catastrophic Failure | Package installation failed. Target level for Questionnaire <questionnaire name> was not found. |
| Catastrophic Failure | Package installation failed. Unable to save <application or questionnaire name> due to mismatching application levels. |
| Catastrophic Failure | Package installation failed. Critical object failed to save due to validation. The error Log Reference ID is: <log ID>. |
| Catastrophic Failure | Package installation failed. Critical object failed to save due to an exception. The error Log Reference ID is: <log ID>. |
| Minor Failure | Object Installation Failed. Unable to save layout object <layout object name>. |
| Minor Failure | The level for Field Filter Property <field filter property name> was not found. The property was not installed. |
| Minor Failure | The module for Field Filter Property <field filter property name> was not found. The property was not installed. |
| Minor Failure | Unable to update <values list name>. Cannot change a Global Values List to a Custom Values List. |
| Minor Failure | Unable to update Navigation Menu <application or questionnaire name>. Field <field name> not found. |
| Minor Failure | The module for Questionnaire Campaign <questionnaire campaign name> was not found. The campaign was not installed. |
| Minor Failure | The level for Questionnaire Rule <questionnaire rule name> was not found. The rule was not installed. |
| Minor Failure | Advanced workflow HTTP request error: 404 not found. |
| Minor Failure | Advanced workflow import: Cannot install the new advanced workflow because the target component has active jobs that are using a different version of the workflow. |
| Minor Failure | Advanced workflow import: Cannot find process reference in the configuration file. |
| Minor Failure | Advanced workflow import: Failed to upload the archive configuration file. |
| Minor Failure | Advanced workflow import: Cannot get the archive tree with key {0}. ({0} is the key generated by the Advanced Workflow during workflow import.) |
| Minor Failure | Advanced workflow import: Cannot find process object in the archive tree with key {0}. ({0} is the key generated by the Advanced Workflow during workflow import.) |
| Minor Failure | Advanced workflow import: Cannot start the import request for the process {0} with key {1} and importOption {2}. ({0} is the process id generated by the Advanced Workflow, {1} is the key generated by the Advanced Workflow during workflow import, {2} is the importOption parameter. Currently importOption is set to 1, which is “Always Replace”) |

- Warnings allow the installation to continue with items that you should manually remediate. An
  attribute of an object could not be updated or otherwise needs to be reviewed.

Warning messages

Message

The following access role referenced on the Access tab could not be resolved: <access role
name>.

Cannot change the status of Application <application name>. Updating the status of an
application via package installation is not allowed.

Cannot change Values List Type of <values list type name> from Questionnaire.

Attempted to change system field type for field <field name>. Field install was skipped.

The calculated field <field name> in the application <application name> cannot be verified.

<application or questionnaire name> Apply Conditional Layout Actions <action name> were
updated due to page layout discrepancies.

Content <content ID> was not found in the target instance.

Content not found.

The following application or questionnaire referenced on the Access tab could not be
resolved: <application or questionnaire name>.

Field Filter Property Value <field filter property name> was not found and removed from a
collection.

Field <field name> was not found and removed from a collection.

Sort field : <field name> was not found in the target instance and was removed from report :
<report name>.

Display field : <field name> was not found in the target instance and was removed from
report : <report name>.

Field : <field name> used for grouping, was not found in the target instance and was
removed from report : <report name>.

Contained Display field : <field name> was not found in the target instance and was
removed from report : <report name>.

Field : <field name> used for calendars, was not found in the target instance and was
removed from report : <report name>.

Field : <field name> used for map pins was not found in the target instance and was
removed from report : <report name>.

Field : <field name> used for map addresses was not found in the target instance and was
removed from report : <report name>.

Field : <field name> referenced by a statistic step was not found in the target instance and
was removed from report : <report name>.

Field : <field name> referenced by a subform statistic step was not found in the target
instance and was removed from report : <report name>.

Field : <field name> used for charting was not found in the target instance and was removed
from report : <report name>.

Field : <field name> used for display widths was not found in the target instance and was
removed from report : <report name>.

Questionnaire Reviewer field : <field name> was not found in the target instance and was
removed from campaign : <report name>.

Questionnaire Submitter field : <field name> was not found in the target instance and was
removed from campaign : <report name>.

Field : <field name> was not found in the target instance and the condition was removed
from the filter.

Subform Field : <field name> was not found in the target instance and the condition was
removed from the filter.

Field : <field name> referenced for value matching was not found in the target instance and
the condition was removed from the filter.

Field : <field name> used for a placeholder was not found in the target instance and was
removed from notification : <notification name>.

Event Action Authorization field : <field name> was not found in the target instance and
was removed from event action : <event action>.

Score Card Related field : <field name> was not found in the target instance and was
removed from Cast Score Card field : <field name>.

Cast Related field : <field name> was not found in the target instance and was removed
from Cast Score Card field : <field name>.

Subform Display field : <field name> was not found in the target instance and was removed
from subform : <subform name>.

Subform Sort field : <field name> was not found in the target instance and was removed
from subform : <subform name>.

Inherited User/Group field : <field name> was not found in the target instance and was
removed from field : <field name>.

Inherited Related Level field : <field name> was not found in the target instance and was
removed from field : <field name>.

Cross Reference View/Edit Display field : <field name> was not found in the target
instance and was removed from field : <field name>.

Cross Reference View/Edit Sort field : <field name> was not found in the target instance
and was removed from field : <field name>.

Related Record View/Edit Display field : <field name> was not found in the target instance
and was removed from field : <field name>.

Related Record View/Edit Sort field : <field name> was not found in the target instance and
was removed from field : <field name>.

History Log Field Selection field : <field name> was not found in the target instance and
was removed from history log field : <field name>.

Contained Reference field : <field name> was not found in the target instance and was
removed from multi-reference field : <field name>.

Questionnaire Reference field : <field name> was not found in the target instance and was
removed from field : <field name>.

The following notification referenced in a Generate Notification DDE action cannot be
resolved: <notification name>.

Group <group name> was removed from <module authorization>. The group could not be
found.

Level <level name> was not found and removed from a collection.

The following dashboard referenced in a link cannot be resolved: <dashboard name>.

The following application or questionnaire referenced in a Quick Search iView could not be
resolved: <application or questionnaire name>.

The following report referenced in a link cannot be resolved: <report name>.

The following solution referenced in a link cannot be resolved: <solution name>.

The following page referenced in a link cannot be resolved: <page name>.

The level for Navigation Menu <application or questionnaire name> was not found.

The following module referenced in the Navigation Menu could not be resolved:
<application or questionnaire name>.

The following solution referenced in a workspace cannot be resolved: <solution name>.

There are no Solutions associated with <application or questionnaire name>.

<report name> report could not be created. There are no display fields for this report.

The following field referenced in a notification cannot be resolved: <field name>.

The following report referenced in a notification cannot be resolved: <report name>.

Numeric Range Value <numeric range value> was not found and removed from a
collection.

<object name> Alias was changed from <old alias name> to <new alias name>.

Object was not saved due to an exception. The error Log Reference ID is: <log ID>.

Object was not saved due to failing validation. The error Log Reference ID is: <log ID>.

<field name> in the application <application or questionnaire name> cannot be changed
from a private field to a public field.

The Notifications Enabled option for the <questionnaire name> Questionnaire was changed.

Cannot change the status of Questionnaire <questionnaire name>. Updating the status of a
questionnaire via package installation is not allowed.

Read Receipt disabled for <application name> application <DDE action name> action.

Unable to update workflow. Content records are tied to the following workflow stages:
<workflow stage names>.

Unable to update the solution attribute for <application or questionnaire name>.

User <user name> was removed from <module authorization>. The user could not be found.

Values List Value <values list value name> was not found and removed from a collection.

Map Pin Value List Value : <values list value name> was not found in the target instance
and was removed from report: <report name>.

Questionnaire Quarter Value List Value : <values list value name> was not found in the
target instance and was removed from campaign: <campaign name>.

Questionnaire Year Value List Value : <values list value name> was not found in the target
instance and was removed from campaign: <campaign name>.

Matrix Column Values List Value : <values list value name> was not found in the target
instance and the condition was removed from the filter.

Matrix Row Values List Value : <values list value name> was not found in the target
instance and the condition was removed from the filter.

Values List Value : <values list value name> was not found in the target instance and the
condition was removed from the filter.

Cast Score Card Values List Value : <values list value name> was not found in the target
instance and the condition was removed from the filter.

Calculation Formula Values List Value : <values list value name> was not found in the
target instance.

The following notification referenced in a Workflow stage cannot be resolved: <notification
name>.

Notifications Enabled option for <application name> Application was changed.

Mobile Ready status was removed from Questionnaire.

The advanced workflow was installed, but is inactive. Please review and activate.

4. Click Close.
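
The failure and warning messages listed above can be sorted for review once they are copied out of the Package Installation Log. The following Python example is added here and is not RSA code: it classifies messages by the message text in the tables above and extracts any Log Reference ID. The sample messages and the ID are constructed, and treating warnings that touch users, groups, access roles, or private fields as a priority review group is an assumption of this example.

```python
import re
from collections import Counter

# Failure rules derived from the "Failure messages" table in this guide.
# Placeholders such as <field name> are matched with wildcards; first match wins.
# Any message that matches no failure rule is treated as a warning.
FAILURE_RULES = [
    ("catastrophic", re.compile(r"^Package installation failed\.")),
    ("minor", re.compile(r"^Object Installation Failed\.")),
    ("minor", re.compile(r"^The (level|module) for .+ was not found\. The \w+ was not installed\.$")),
    ("minor", re.compile(r"^Unable to update .+\. Cannot change a Global Values List to a Custom Values List\.$")),
    ("minor", re.compile(r"^Unable to update Navigation Menu .+\. Field .+ not found\.$")),
    ("minor", re.compile(r"^Advanced workflow (HTTP request error|import):")),
]

# Assumption of this example: warnings whose text concerns users, groups,
# access roles, or private fields are reviewed before other warnings.
ACCESS_HINTS = re.compile(
    r"referenced on the Access tab could not be resolved"
    r"|^(Group|User) .+ was removed from .+\. The (group|user) could not be found\."
    r"|from a private field to a public field"
    r"|^Event Action Authorization field"
    r"|^Inherited User/Group field"
)

# "The error Log Reference ID is: <log ID>." appears in several messages.
LOG_REF = re.compile(r"Log Reference ID is: (\S+?)\.?$")

SEVERITY_ORDER = {"catastrophic": 0, "minor": 1, "warning": 2}


def classify(message):
    """Return severity, access-review flag, and log reference for one message."""
    msg = message.strip()
    severity = "warning"
    for name, pattern in FAILURE_RULES:
        if pattern.search(msg):
            severity = name
            break
    ref = LOG_REF.search(msg)
    return {
        "severity": severity,
        "access_review": severity == "warning" and bool(ACCESS_HINTS.search(msg)),
        "log_ref": ref.group(1) if ref else None,
        "message": msg,
    }


def triage(messages):
    """Classify all messages; failures first, then access-related warnings."""
    results = [classify(m) for m in messages if m.strip()]
    results.sort(key=lambda r: (SEVERITY_ORDER[r["severity"]], not r["access_review"]))
    return results


def summarize(results):
    """Count messages per severity and the warnings flagged for access review."""
    counts = Counter(r["severity"] for r in results)
    return {
        "catastrophic": counts["catastrophic"],
        "minor": counts["minor"],
        "warning": counts["warning"],
        "access_review": sum(r["access_review"] for r in results),
    }


# Constructed sample messages (object names and the log ID are made up).
SAMPLE_LOG = [
    "User jdoe was removed from Module Authorization. The user could not be found.",
    "Package installation failed. Critical object failed to save due to validation. "
    "The error Log Reference ID is: EXAMPLE-0001.",
    "Field : Owner used for charting was not found in the target instance and was "
    "removed from report : Open Findings.",
    "Unable to update Severity. Cannot change a Global Values List to a Custom Values List.",
    "The level for Navigation Menu Findings was not found.",
    "Advanced workflow import: Failed to upload the archive configuration file.",
    "Risk Rating in the application Findings cannot be changed from a private field "
    "to a public field.",
]

if __name__ == "__main__":
    ordered = triage(SAMPLE_LOG)
    for row in ordered:
        flag = " [access review]" if row["access_review"] else ""
        ref = f" (log ref {row['log_ref']})" if row["log_ref"] else ""
        print(f"{row['severity']:<12}{flag}{ref} {row['message']}")
    print(summarize(ordered))
```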

Deleting Packages
Complete this task to delete a package that is no longer needed. Package files that were generated
from the package may still be available. Deleting a package does not delete any log files that were
generated during package installation.

Delete a package

1. Go to the Manage Packages page.

a. From the menu bar, click .

b. Under Application Builder, click Packages.

2. Click in the row of the package that you want to delete.

3. Click OK to delete the package.

Chapter 16: Search and Reporting for Administrators
Note: This section covers administrative options for search and reporting. For more detailed
information about using the features, see the Using Search and Reporting topic in the RSA Archer
GRC Online Documentation.

Reports are saved search criteria that you can run again at a later time. The Management Reporting
feature enables you to create and manage custom reports in any application. RSA Archer GRC also
offers out-of-the-box system reports for various features, such as application or access control
reports.
There are two types of reports:
- Personal reports are only accessible by the person who created the report and the system administrator.
- Global reports are accessible to all users in an application or to selected users and user groups.

Use the Management Reporting feature to do the following:

- Create and manage custom reports in an application or questionnaire.
- View all system, global, and personal reports from the Master Reports Listing page.
- Define templates for exporting reports to external data files, such as Microsoft Word or Excel files.
- Define Mail Merge templates for exporting reports with mail merge fields to Microsoft Word documents.

Multi-lingual searches
Filtered searches that look for matches in selected fields can find and display matched content in any
language in which users enter content. Keyword searches can be set up by an administrator to find
content in only the design language of an RSA Archer component, or in the design language and all
other languages in which users enter content. To enable multi-lingual keyword searches, an
administrator must adjust the setting for search index contents in the RSA Archer Control Panel to
include all languages.


System Reports
RSA Archer GRC has default system reports for the following features.

Access control reports


Access Control includes predefined reports.
Access these reports by selecting View Access Control Reports from the Access Control menu.
Click Export Account Data to export read-only account data to a series of .CSV files, which are
then compressed into a single .ZIP file.

| Report | Description |
|---|---|
| Access Control Rights by Role | Provides a summary of the access control rights associated with a given access role. A role is defined as a collection of access control rights that can be assigned to a unique group of users. You can filter this report by role, application, and page type. |
| Access Control Rights by User | Provides a summary of the access control rights currently assigned to a given user. For each page in RSA Archer GRC, you can view the create, read, update, and delete privileges of a user. You can filter this report by user, application, and page type. |
| Application Owners | Lists the users and groups who have been assigned ownership rights over individual applications. You can filter the list by application, questionnaire, and owner. |
| Failed Login Attempts | Lists all failed login attempts within the past twenty-four hours. |
| Locked Accounts | Lists all user accounts that are currently locked. The report also includes the time and date that each user account was locked. |
| Members by Group | Lists users by the user group to which the users belong. You can filter the list by user group. |
| Roles by Groups | Lists all groups with a corresponding description and the roles associated with each user group. You can filter this report by user group or role. |
| Roles by Solution | Provides a summary of the access control rights assigned to the applications in a solution. For each application, you can view all of the associated roles and the respective content access. You can view all roles associated with the create, read, update, or delete rights of a user for each application in RSA Archer GRC. You can filter this report by solution, application, or role. |
| Security Events | Lists events related to access control and global report permissions for monitoring the security of RSA Archer GRC. You can filter the report by event type or by date range. If the report exceeds 10,000 records, a warning message is displayed. Do one of the following: to modify the search parameters, click OK; to include all records in a .csv file, click Download the entire report data in CSV. |
| Security Parameter Properties | Lists the properties of all security parameters that have been defined within the system. A security parameter specifies rules for password creation, password change enforcement, account-lockout duration, and session time-out behavior. |
| Subform Owners | Lists the users and groups who have been assigned ownership rights to individual sub-forms. You can filter the list by sub-form. |
| User Accounts All | Provides an inventory of all existing user accounts. This report displays the last name, first name, user name, and account status for each user in RSA Archer GRC. You can filter the report by access role and account status. If the report exceeds 10,000 records, a warning message is displayed. Do one of the following: to modify the search parameters, click OK; to include all records in a .csv file, click Download the entire report data in CSV. To determine the number of user accounts in RSA Archer GRC, export the User Accounts All report to a .csv file and note the number of line items in the spreadsheet. |
| User Inactivity Log | Lists the users whose accounts have remained inactive for a specific period. You can filter the report by inactive date and last accessed date range. |

Application reports

Access these reports by clicking on the Manage Applications page.


The following table describes the reports available for each application in RSA Archer GRC.

| Report | Description |
|---|---|
| Application Calculation Summary | Shows the configuration, including the formula, for each calculated field in the application. |
| Application Custom Object Summary | Lists the custom objects and their associated content in the application. |
| Application Data-Driven Events Summary | Lists the data driven events in the application, including the description, action type, and status. |
| Application Detail | Provides detailed information about each field in the application, including field ID, description, Help text, field help options, field type, control type, selected configuration options, access, and so on. It also contains notification and content review information. |
| Application Field Detail | Shows the configuration of each field within the application. |
| Application Notification Detail | Shows the notification templates associated with the application and the configuration for each, including the assigned users and groups. |
| Application Private Fields | Provides a summary of the access control rights for private fields in the application. It contains all private fields that give a user or group full access, cascade, or read-only privileges. |
| Application Record Permissions Summary | Shows the record permissions configurations in the application for manual selection (including rule name and description, if applicable), inherited permissions, and automatic selection. |
| Application Summary by Field Type | Lists all field types in the application. It includes a count of each field type and the total number of standard and calculated fields. |
| Application Values List Summary | Lists the values and configuration for each Values List field in the application. |
| Page Hits | Provides information about the number of times application pages have been accessed by different users during a given time frame. Pages are grouped in this report by application. The report shows the number of times each page has been accessed, and it also contains the total percentage of all page hits in the system and each application portion of that total. |
| Record View Detail | Provides details of the date and time users accessed a particular application record. |
| Record View Summary | Provides a summary of the content records that have been accessed by all users during a given time frame. It also shows the number of content records in each application and the number of times a record has been accessed in each application. In addition, the report contains the total percentage of all content hits in the system and each application portion of that total. |

Discussion forum reports

Report | Description

Discussion Forums Summary | Provides a list of each discussion forum, including the name, the community it resides in, the number of topics in the forum, the total number of posts in each forum, and the date and time of the last post to the forum.

My Discussion Forums | Provides a list of discussion forums for which you are a member. It shows the name of each forum, the community it resides in, the topics included in it, the number of posts in each forum that you have or have not read, the total number of posts in each forum, and the date and time of your last visit to each forum.

Notification reports

To access these from the menu bar, click . Under Notifications, click View Notification
Reports.

Report | Description

Notification Engine Recent Activity - Last 24 Hours | Provides the number of successful and failed notification email deliveries within the last 24 hours.

Notification Subscriptions | Provides the notification templates to which users have subscribed. The report displays the template, user name, recipient email address, notification type, and application for each notification.

Notifications Failed Email Attempts | Provides a list of notification emails that failed delivery. It lists the users whose mailbox the email attempted to reach, the email address of the recipient, the date and time of the last email attempt, and the total number of delivery failures.

Notification Return Receipts | Provides the status of emails triggered by notification templates that are configured to request read receipts. The report shows when each email was sent, whether the user who received each email responded to the read-receipt request, and the date and time of each response.

Notifications Sent | Provides a list of all notification emails that have been sent. It lists the email ID, the user who received the email, the email address of the recipient, and the From address for the email. The report also shows the notification template that triggered each email, the subject line of each email, and the date and time each email was sent.

Questionnaire reports

To access these reports click for the questionnaire on the Manage Questionnaires page.

Report | Description

Question Detail | This report lists each question within a questionnaire, along with its attributes. For Values List questions, the report also shows each answer and its attributes.

Questionnaire Answer Distribution by Question | This report presents a bar chart indicating the answers for each Values List question and the distribution across all responses. You can filter the report by questionnaire, category, or question. You also can click the question to view the Questionnaire Results By Question Detail report, which contains information about each question.

Questionnaire Calculation Summary | This report shows the configuration, including the formula, for each calculated field within a questionnaire.

Questionnaire Compliance by Authoritative Source Chart | This report presents a bar chart of the compliance percentage for each authoritative source within one questionnaire or across questionnaires. You can filter the report by questionnaire. You also can click the category to view the Questionnaire Results by Authoritative Source report.

Questionnaire Compliance by Category Chart | This report presents a bar chart of the compliance percentage for each category within a questionnaire. You can filter the report by questionnaire. You can click the category to view the Questionnaire Results by Category report.

Questionnaire Compliance by Question Chart | This report presents a bar chart of the compliance percentage for each question within a questionnaire. You can filter the report by questionnaire or category. You also can click the category to view the Questionnaire Results by Question report.

Questionnaire Custom Object Summary | This report lists the custom objects and their associated content within a questionnaire.

Questionnaire Data Driven Events Summary | This report lists the data driven events within a questionnaire, including the description, action types, and status.

Questionnaire Detail | This report provides detailed information about each field within a questionnaire.

Questionnaire Field Detail | This report shows the configuration of each field within a questionnaire.

Questionnaire Notification Detail | This report shows the notification templates associated with a questionnaire and the configuration for each, including the assigned users and groups.

Questionnaire Private Fields | This report provides a summary of the access control rights for private fields within a questionnaire. It lists all private fields that give a user or group full access, cascade, or read-only privileges.

Questionnaire Record Permissions Summary | This report shows the record permissions configurations within a questionnaire for manual selection, inherited permissions, and automatic selection Record Permissions fields.

Questionnaire Results by Authoritative Source | This report lists the results associated with each authoritative source attributed to one questionnaire or across questionnaires. You can filter the report by questionnaire, category, or authoritative source. You also can click the key field to view general and reference content information about the field.

Questionnaire Results by Category | This report lists the results associated with each category within a questionnaire. You can filter the report by questionnaire or category. You also can click the category to view the Questionnaire Results by Question report.

Questionnaire Results by Question | This report lists the results associated with each question within a questionnaire. You can filter the report by questionnaire, category, or question. You also can click the question name to view the Questionnaire Results by Question Detail report, which contains more information about the question.

Questionnaire Score by Authoritative Source Chart | This report presents a bar chart of the score for each authoritative source within one questionnaire or across questionnaires. You can click the authoritative source to view the Questionnaire Results by Authoritative Source report.

Questionnaire Score by Category Chart | This report presents a bar chart of the score for each category within a questionnaire. You can filter the report by questionnaire. You also can click the category to view the Questionnaire Results by Category report.

Questionnaire Summary by Field Type | This report lists all field types within a questionnaire. It includes a count of each field type and the calculated fields as well as the total number of standard and calculated fields.

Questionnaire Values List Summary | This report lists the values and configuration for each Values List field within a questionnaire.

Solution reports
To access these reports click on the Manage Solutions page.

Important: To view the Solution Diagram reports, you must have a copy of Microsoft Office Visio
or Visio Viewer installed on your computer. Select to enable macros the first time a drawing is
opened, which ensures proper placement of the connectors on the drawing. Once the drawing is
saved after enabling macros the first time it was opened, the settings are saved and the drawing is
displayed properly on subsequent openings regardless of your choice to enable or disable macros
when opening the file.

Report or Diagram | Description

Roles by Solution | Provides a summary of the access control rights assigned to the applications in the solution. For each application, you can view all of the associated roles and their respective content access. You can filter this report by solution, application or role.

Solution Diagram - All Fields | Produces a Visio diagram that contains the applications in a solution with all the fields listed. Arrows in the diagram represent cross-reference relationships among applications and fields, along with the following information for each application:
    • Application name
    • Application ID and GUID
    • Application status (Production, Development, and so on)
    • Number of records by data level
    • Names of the key fields
    • Names of all fields with their field type to understand the abbreviations used in the solution diagram.)
    • Names of all global Values List fields with the name of the global values list
    Arrows in the diagram represent relationships among applications and questionnaires across solutions.

Solution Diagram - All Solutions | Shows the solutions contained in the system with their IDs and GUIDs, and a listing of all applications contained in each solution. Arrows in the diagram represent relationships among applications and questionnaires across solutions.

Solution Diagram - Application Relationships by Solution | Shows the solutions contained in the system with their IDs and GUIDs, and a listing of all applications contained in each solution. Arrows in the diagram represent cross-reference relationships among applications and questionnaires contained in the solutions.

Solution Diagram - Application Summary | Produces a Visio diagram that shows the solution name, instance name, and Platform version number, along with the following information for each application:
    • Application name
    • Application ID and GUID
    • Application status (Production, Development, and so on)
    • Number of records by data level
    Arrows in the diagram represent cross-reference relationships among applications.

Solution Diagram - Field Statistics | Produces a Visio diagram that shows the solution name and Platform version number, along with the following information for each application:
    • Application name
    • Application ID and GUID
    • Application status (Production, Development, and so on)
    • Number of records by data level
    • Total number of fields
    • Number of fields by type (Date: 2, Numeric: 3, and so on)
    Arrows in the diagram represent cross-reference relationships among applications.

Solution Diagram - Relationship Fields | Produces a Visio diagram that shows the solution name, instance name, and RSA Archer GRC version number, along with the following information for each application:
    • Application name
    • Application ID and GUID
    • Application status (Production, Development, and so on)
    • Number of records by data level
    • Names of the key fields
    • Names of all relationship fields (Cross-Reference, Related Records, and Cross-Application Status Tracking) with their field type to understand the abbreviations used in the solution diagram.)
    • Names of all global Values List fields with the name of the global values list
    Arrows in the diagram represent cross-reference relationships among applications.

Solution Diagram - System Solution Summary | Shows the solutions contained in the system with the solution IDs and GUIDs. Arrows in the diagram show the relationships among applications and questionnaires across solutions.

Solution Summary | Provides a listing of applications and questionnaires in the solution and their descriptions. For leveled applications, the level names and descriptions also are listed.

Sub-Form reports
A Sub-Form Detail Report is available for each sub-form in RSA Archer GRC. To access these
reports click on the Manage Sub-Forms page.

For each field within the sub-form, the following general information is provided:
• Field Name

• Field ID

• Field Type

• Status

• Description

• Display Control

• Field Permissions

Training and Awareness reports

Report | Description

Campaign Events | Provides a detailed list of Training and Awareness events. For each event, the report provides a summary of event properties by event. You can filter this report by campaign and event.

Campaign Response Detail | Allows you to view individual user responses to Training and Awareness events. You can view the name of each user who participated in an event, the event name, the response type, the response date, and any comments the user included in the response. You can filter this report by campaign, event, and response type.

Campaign Response Summary | Provides a summary of responses for individual events within Training and Awareness campaigns. For each event, you can view the event name, status and type. You can also view the number of users who responded to the event, broken down by response type. You can filter this report by campaign.

Campaign Status Details | Lists all events within individual Training and Awareness campaigns and provides the current status of each event. You can filter this report by campaign.

Campaign Status Summary | Provides a summary of all Training and Awareness campaign statuses, including the number of completed, empty, in progress, and queued campaigns.

Quiz Event Question Detail | Provides the question details for Training and Awareness quizzes. For each quiz question, you can view the percentage of users who selected each answer. You can filter this report by campaign, quiz, and question.

Quiz Event Results Detail | Provides the results for Training and Awareness quizzes. For each quiz, you can view results for individual participants, including the percentage of questions each user answered correctly and the number of times each user retook the quiz. You can filter this report by campaign and by quiz.

Quiz Event Results Summary | Provides the results for Training and Awareness quizzes. For each quiz, you can view the number of users who passed or failed the quiz and the number of users who skipped the quiz or never responded. You can filter this report by campaign and by quiz.

Quiz Event User Detail | Provides the user details for Training and Awareness quizzes. For each quiz question, you can view the user entry, the correct answer and the status (correct or incorrect) of the user entry. You can filter this report by campaign, quiz, and user.

Using the Master Report Listing


The Master Report Listing page displays global and personal reports. You can filter the reports
displayed on the Master Report Listing page by name, solution, application, or type.

Note: Only users who have global report administration rights can add, edit, and delete global
reports from the Master Report Listing.

Add a report

1. Go to the Master Report Listing page.

a. From the menu bar, click .

b. Under Management Reporting, click Master Report Listing.

2. Click Add New.

3. Select an application.

4. Click OK.

5. Run a search.

6. Save the search results as a report.

Run a report

1. Go to the Master Report Listing page.

a. From the menu bar, click .

b. Under Management Reporting, click Master Report Listing.

2. (Optional) Use the Grouping and Filter toolbars to filter and sort the list.

3. Select the report.

Print a list of reports

1. Go to the Master Report Listing page.

a. From the menu bar, click .

b. Under Management Reporting, click Master Report Listing.

2. Click Print.

3. In the Print dialog box, click Print.

Delete a report

1. Go to the Master Report Listing page.

a. From the menu bar, click .

b. Under Management Reporting, click Master Report Listing.

2. In the row of the report that you want to delete, click .

3. Click OK.

Defining Report Export Templates


Define templates for reports that you want to export to external data files by uploading Microsoft
Word and Excel templates. Microsoft Word templates are used for data exports in Word or
PDF format. Microsoft Excel templates are used for Excel exports. You can also create a custom
header and footer for HTML exports.

Add a template for record exports

1. Go to the Manage Global Print and Export Settings page.

a. From the menu bar, click .

b. Under Management Reporting, click Global Print and Export Settings.

2. To add an RTF template, do the following:

a. In the RTF Configuration section, click Add New.

b. In the File Upload dialog box, click Add New.

c. Browse to and select the .doc or .docx file you want to upload.

d. Click OK.

3. To add an Excel template, do the following:

a. In the Excel Configuration section, click Add New.

b. In the File Upload dialog box, click Add New.

c. Browse to and select the file.

d. Click OK.

4. (Optional) To specify the template as the default, select the Default option.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Create a custom header and footer for HTML exports

1. Go to the Manage Global Print and Export Settings page.

a. From the menu bar, click .

b. Under Management Reporting, click Manage Global Print and Export Settings.

2. In the HTML Configuration section, enter the text in the Header and Footer fields.

Note: You can use the Rich Text Editor toolbar to format the text.

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Delete a template for record exports

1. Go to the Manage Global Print and Export Settings page.

a. From the menu bar, click .

b. Under Management Reporting, click Manage Global Print and Export Settings.

2. In the row of the template that you want to delete, click .

3. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Chapter 17: Dashboards, iViews, and Workspaces


Note: This topic is intended for administrators. For an overview for users, see the Workspaces,
Dashboards, and iViews topic in the RSA Archer GRC Online Documentation.

The Workspaces and Dashboards feature is designed to allow organizations to promote security
awareness and efficient, effective communication by providing users with quick access to
information and tools related to their job functions.

Through Workspaces and Dashboards, administrators create dashboards and iViews to display
reports, links, embedded web pages, RSS feeds, and other custom content. Administrators can
display these iViews to end users through workspaces, which are pages of related content.

Example: Workspace, dashboard, and iViews

By grouping iViews with related content into dashboards and applying those dashboards to
workspaces, you can create custom views for specific user audiences. For example, a Workspaces
and Dashboards administrator could create an Incident Management workspace for personnel
involved in investigating and resolving security incidents. This workspace could contain iViews that
display investigation assignments in each user’s queue, show the status of all unresolved
investigations, and provide links to internal and external resources.

iViews can provide users at all levels in your organization hierarchy with the information they need
to make decisions, complete tasks, and stay up to date. Examples of content that may be displayed
through iViews include content review queues, links to security policies, links to industry or
regulatory sites, embedded web pages, recent vulnerability alerts, company financial information,
technology-related links and news, logon information, and security questions and answers. All of this
information will be displayed on a dashboard, allowing users to click between the iViews or view
them all at once.

Users access a workspace by clicking the workspace tab at the top of the page. As an administrator,
you can customize each workspace and the Navigation Menu to display only solutions with related
content, allowing users to access the information and tools they need without having to sort through a
lengthy menu of solutions and applications. For example, if a user clicks the Policy Management
workspace tab, the Navigation Menu might display only applications that reside in the Policy
Management solution.

If you have access to at least one page in RSA Archer GRC features, you can view the
Administration workspace that provides access to an administrative dashboard that has links and
reports displayed through iViews. In addition, you can access RSA Archer GRC features such as
Access Control, Workspaces and Dashboards, and Application Builder from this workspace.

Caching search results


To improve performance, Report iViews can display cached search results. When caching is
enabled, cached Report iViews include a Cached Report message. Caching requires configuration
of a caching provider before it can be enabled.

You can enable and disable the global caching behavior for Report iViews in the RSA Archer
Control Panel. Users can adjust caching behavior for individual Report iViews on the Save Report
page. Users can also manually refresh a cached Report iView to display updated results.

Users can click a Report iView window to open the list of records found by its associated search.
Selecting a record from the list opens the record for viewing or editing based on the permissions of
the user. Changes made to a record are reflected in the iView immediately after the changes are
saved.

Building Workspaces
Workspaces are tabbed groupings of dashboards and iViews with related content. Click the
Workspace tab at the top of any page to access a workspace.

Note: When there are more tabs than can fit across the top of the page, a More tab displays to the
right of the workspace tab strip to allow you to select from a list of workspaces.

Each time an Application Builder administrator creates a new solution, a workspace is automatically
created for that solution. The workspace shares the solution name, and access to the workspace is
granted to the administrator who created the solution. Once a solution-based workspace is created,
Workspace and Dashboard administrators can configure the workspace properties, including its
content, Navigation Menu settings, and access rights.

Create a workspace

1. Go to the Manage Workspaces page.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Workspaces.

2. Click Add New and do one of the following:

• To create a new workspace, click Create a new Workspace from scratch.

• To create a workspace from an existing workspace, do the following:

a. Select Copy an existing Workspace.

b. Select the workspace that you want to copy from the Workspaces list.

3. Click OK.

4. In the General Information section, enter the name and description.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add quick reference links to a workspace


Quick Links are useful for providing fast access to frequently viewed features.

1. Go to the Quick Reference tab of the workspace that you want to modify.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Workspaces.

c. Select the workspace.

d. Click the Quick Reference tab.

2. Click Add New Link in the Quick References Links list.

3. From the Type list, click the quick reference type you want.

Option | Action

Internal Page | Allows the user to link to internal pages and functions.

Report | Allows the user to link to personal and global reports.

Dashboard | Allows the user to link to personal and global dashboards.

External Link | Allows the user to create links to external sites. When a user clicks the link, the external site is displayed in the workspace section.

Solution | Allows the user to link to personal and global solutions. Make a selection from the Link To list and select the target solution from the Available list. Click OK.

Content Record | Allows the user to link to personal and global records.

4. Define the properties of the quick reference link.

Add an internal page

1. In the Link To field, select the target page from the Available list.

2. Click OK.

3. Enter the name of the link in the Display Name field and a description in the Description
field.

Add a report

1. In the Link To field, select the target report from the Available list.

2. Click OK.

3. Enter the name of the link in the Display Name field and a description in the Description
field.

Add a dashboard

1. In the Link To field, select the target dashboard from the Available list.

2. Click OK.

3. Enter the name of the link in the Display Name field and a description in the Description
field.

Add an external link

1. In the Link To field, supply a URL.

2. In the Action field, select either Embed in existing window or Open in new window to
determine how your link will open.

3. Enter the name of the link in the Display Name field and a description in the Description
field.

Add a solution

1. In the Link To field, select a solution from the Available list.

2. Click OK.

Add a content record

1. Click to make a selection from the Record Lookup list.

2. Select the target record and click OK.

3. Enter the name of the link in the Display Name field and a description in the Description
field.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Create folders for a quick reference link

1. Go to the Quick Reference tab of the workspace that you want to modify.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Workspaces.

c. Select the workspace.

d. Click the Quick Reference tab.

2. To add a folder, click Add New Folder in the Quick Reference Links list.

3. In the Display Name field, enter a name for the folder.

4. (Optional) To organize the folder, drag and drop the folder name in the Quick Reference Links
section.

5. (Optional) To organize the links, drag and drop the link names in the Quick Reference Links
section.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Add or remove workspaces to display


You can customize your workspace tab strip to show only the workspaces that you use.
1. Click your UserName menu on the workspace menu bar.

2. Click Workspace Display.

3. In the Select Workspaces section do either of the following:

• Select the checkbox beside each workspace that you want to display.

• Deselect the checkbox beside each workspace that you want to remove from the display.

4. Click Save.

Delete a workspace
Deleting a workspace permanently removes the workspace and any associated personal dashboards
from the database. Deleting a workspace does not delete any global dashboards associated with the
workspace.

1. Go to the Manage Workspaces page.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Workspaces.

2. Click in the Actions column.

3. Click OK.

Building Dashboards
Dashboards are groupings of global iViews with related content.
Use the Dashboard list in the page toolbar to select a dashboard within a workspace.
Administrators group multiple iViews into a single dashboard to allow users to access multiple
iViews from one workspace. Administrators can build global dashboards and enable users to build
personal dashboards.
• Global dashboards. Can be viewed by all users assigned global access by administrators on the
Access tab of the Manage Dashboards page. Only administrators can edit global dashboards.
Users can rearrange global dashboards. Any modifications to the layout or size of the iViews are
saved only to the user's current session.

• Personal dashboards. Can be created and viewed by all users assigned access by group, user,
role, or solution on the Access tab of the Manage Dashboards page. Personal dashboards are
specific to the user and are not confined to the user's current session only. Users can modify the
layout and size of the iViews, and the changes are saved in real time.

Before you begin


• Build a workspace.

Build a dashboard

1. Go to the Manage Dashboards page.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Dashboards.

2. Click Add New and do one of the following:

• To create a new dashboard, click Create a new Dashboard from scratch.

• To create a dashboard from an existing dashboard, do the following:

a. Click Copy an existing Dashboard.

b. Select a dashboard to copy from the Dashboards list.

3. Click OK.

4. In the General Information section, enter the name and description.

5. In Layout design, in the Column Layout section, select the column layout for the dashboard.

6. (Optional) Attach documentation to your dashboard.

7. Click the Layout tab.

8. Click Select iViews and do one of the following.

• Build a new Global iView from scratch.

a. Select the type of iView you want to create.

b. Build a Global iView.

c. Click OK.

• Select from Global iView Library.

a. Check the iViews for the dashboard.

b. Click OK.

9. Click the Access tab, and select either Public or Private.

10. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Update a dashboard display

Important: You can configure personal dashboards only if you have been granted access by your
RSA Archer GRC administrator.

1. From the menu bar, click the workspace to which you want to add a dashboard.

2. From the Options list, do one of the following:

• To add a new dashboard to the workspace, select Add New Global Dashboard or Add New
Personal Dashboard.

• To edit an existing dashboard, select Edit Global Dashboard Properties or Edit Personal
Dashboard.

3. On the Manage Dashboards page, enter the name of the dashboard and a description that you
want in the General section.

4. Choose your column layout in the Layout section.

5. (Optional) Add documentation to your dashboard.

6. Click OK.

7. If you are adding a new dashboard to the workspace and want to update the iView content, do
the following:

a. On the iView Type Selection page, from the Name list, select the iViews that you want to
display in your dashboard.

b. Click OK.

8. If you are editing an existing dashboard and want to update the iView content, do the following:

a. From the Options list in the page toolbar, select Add iView Content.

b. On the iView Type Selection page, from the Name list, select the iViews that you want to
display in your dashboard.

c. Click OK.

Delete a dashboard

1. Go to the Manage Dashboards page.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Dashboards.

2. In the Actions column of the dashboard you want to delete, click .

3. Click OK.

Delete a dashboard from a workspace


The deletion removes the dashboard from the workspace but does not delete it from the dashboard
database. Global iViews associated with the dashboard are not deleted. You can only permanently
delete dashboards if you have been granted administrative permission.
1. From the menu bar, click the workspace that contains the dashboard that you want to delete.

2. From the Options menu, select Edit Workspace Properties.

3. On the Manage Workspaces page, click the Dashboards tab.

4. Click to delete the dashboard.

5. Click Save.

Building Global iViews


iViews are configurable according to the specific iView type.
For example, for a Report iView, you can include one or many reports, determine the selection order
of the reports in the iView and identify the report that is initially displayed to the user. Additionally,
you can allow horizontal scrolling for any of the selected reports to extend the report contents
beyond the width of the iView.

iView types

iView Type | Description

Canvas | Displays predefined templates with various presentations for content and graphics.

Custom | Displays custom text, HTML, or Flash presentations, or executes custom scripts, such as JavaScript.

Embedded URL | Embeds entire web pages directly in an iView.

Links List | Displays links to websites, intranet sites, and frequently used internal application pages in a single iView.

Report | Displays global reports in a single iView. In addition, you can display charts generated through a statistics search.

Quick Search | Displays search criteria options in an iView for the user to search records across applications.

RSS Feed | Displays data from an RSS feed. RSS feeds contain headlines and summary information from articles on websites supporting RSS.

Video | Embeds video directly in an iView using HTML.

Before you begin


1. Build a workspace

2. Build a dashboard

Build a global iView

1. Go to the Manage Global iViews page.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Global iViews.

2. Click Add New and do one of the following:

• To create a new iView, select Create a new Global iView from scratch.

a. Select the type of global iView you wish to create.

b. Click OK.

• To create a global iView from an existing iView, click Copy an existing Global iView.

a. Select the Global iView you wish to copy.

3. Click OK.

4. Complete the setup for your iView.

Build a canvas iView

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Options section, in the Canvas Style field, click to select a layout in the Selected
Layout Template dialog box.

4. Select the layout you want, and click OK.

5. Enter a name in the Title field.

6. Enter the content in the Content field.

7. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

Build a custom iView

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Options section, in the Custom Content field, enter the content.

4. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

Build an embedded URL

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Options section, in the URL field, enter the URL you wish to embed.

4. (Optional) Select an option from the Refresh Rate list.

5. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

Build a links list iView

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Options section, in the Layout field, select one of the following:

• Simple List: In the Configuration section that appears, do one of the following.

• Select a link from the Available Links field by double clicking it.

• Type in your own link and click Add.

• Descriptive list: In the Configuration section that appears, do the following:

a. In the General Information section, enter the name and a description.

b. Insert a link in one of two ways:

• Select a link from the Available Links field by double clicking a link.

• Type in your own link and click Add.

c. (Optional) In the Primary Graphic field, add a graphic:

a. Click Add.

b. In the Available Graphics section, click Add New.

c. In the Files to Upload section, click Add New.

d. Select the file you wish to add and click OK.

e. Click OK again.

d. Click OK.

4. In the Options section, in the Column Display field, select One Column or Two Columns.

5. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

Build a quick search iView

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Options section, in the Column Display field, choose One Column or Two Columns.

4. (Optional) In the Description field, select Embed the iView description in the iView to
display the description in the iView.

5. (Optional) In the Search Button field, click Add to add a search button.

a. In the Files to Upload section, click Add New.

b. Select the file you wish to add and click OK.

c. In the Available Graphics section, click Add New.

d. Click OK again.

6. (Optional) In the Applications section, click Add New to define the applications for the
search.

a. From the Application Name list, select the application that you want to associate the
iView to.

b. Make selections from the Visibility field and Defaulted Behavior field.

7. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

Build a report iView

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Options section, in the Reports field, select the report or reports that you want
displayed in the iView from the Available Reports list.

4. To determine the selection order of the reports in the iView, highlight the report title and use
to arrange the reports in the preferred order.

Note: The first report listed is the report that is initially displayed to the user.

5. Select Enable Scrolling for each report that you want to allow horizontal scrolling.

6. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

Build an RSS feed iView

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Options section, in the URL field, select an address from the URL list and enter the
URL address.

4. In the Feed Elements field, select the display options that you want.

5. In the Articles Displayed field, select the number of articles that you want displayed.

6. In the Refresh Rate field, select how often you want the feed refreshed.

7. In the Authentication field, select your authentication preferences.

8. In the Days Displayed field, select the number of days to display the feed.

9. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

Build a video iView

1. In the General Information section, enter the name and a description.

2. In the Folder field, select or create a folder.

3. In the Embedded Video HTML field, enter the embedded HTML or the URL.

4. (Optional) In the Documentation section, click Add New to add documentation to your
iView.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Create a new folder for a Global iView

1. Go to the General Tab of the iView that you want to modify.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Global iViews.

c. Select the global iView.

2. In the General Information Section, in the Folder field, click Edit.

3. In the Manage Folders window, click Add New.

4. Enter the name of the folder and click OK.

5. In the Folder list, ensure the correct folder is selected.

6. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Update an iView display

1. In the iView title bar, click and select Edit Properties.

2. In the Options section, edit the iView display as needed.

Note: The list of available menu options depends on the type of iView that you are viewing and
the access rights assigned to you by your administrator.

3. (Optional) To resize the iView, click, hold and drag the arrow in the bottom right corner of the
iView.

4. (Optional) To move the iView, click and hold the title bar of the iView and drag and drop the
iView to the new location.

Delete a global iView


This permanently purges the dashboard from the database. Only administrators can delete global
iViews.

Important: If you delete an iView, it cannot be recovered.

1. Go to the Manage Global iViews page.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Global iViews.

2. In the Actions column of the iView you want to delete, click .

3. Click OK.

Assigning Access Rights to iViews, Dashboards, and Workspaces


Access rights make iViews, dashboards, and workspaces either public to all users, or private so that
only a few users can view or use them.

Assign access rights to iViews, dashboards, and workspaces

1. Go to the Access tab of the global iView, dashboard, or workspace that you want to modify.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Global iView, Dashboard, or Workspace.

c. Select the global iView, dashboard, or workspace.

d. Click the Access tab.

2. Select whether the global iView, dashboard, or workspace is public or private:

• Public: Allow all users in the system access to this iView, dashboard, or workspace.

• Private: Allow only specific users and groups access to this iView, dashboard, or workspace.

3. If you selected Private, select whether to assign or revoke access rights for the iView,
dashboard, or workspace from the Available list according to the following options:

a. In the Available list, expand the Group, User, Role, and Solution nodes.

b. Select the groups, users, roles, and solutions you wish to have access to the global iView,
dashboard, or workspace.

4. (Optional) To revoke access rights from a group, solution, role, or user, click in the Selected
list.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Attaching Documentation to iViews, Dashboards, and Workspaces


You can attach documentation to an iView, dashboard, or workspace.

Attach documentation to iViews, dashboards, and workspaces

1. Select the global iView, dashboard, or workspace that you want to update.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Global iView, Dashboard, or Workspace.

c. Select the global iView, dashboard, or workspace.

2. In the Documentation section, click Add New.

3. Select the file that you want to upload and click OK.

4. To download attached documentation to the global iView, dashboard, or workspace:

a. Click the file name in the Name column.

b. Click Save in the File Download dialog box.

c. Select the location where you want to save the document and click Save.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Configuring Workspaces
Configure workspaces to display specific content.

Configure dashboards for a workspace

1. Go to the Dashboards tab of the workspace that you want to modify.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Workspaces.

c. Select the workspace.

d. Click the Dashboards tab.

2. Click Select Dashboards.

3. Select the dashboards and click OK.

4. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Configure the display order for dashboards within a workspace

1. Go to the Dashboards tab of the workspace that you want to modify.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Workspaces.

c. Select the workspace.

d. Click the Dashboards tab.

2. Click Configure Display Order.

3. In the Dashboard Display Order dialog box, drag and drop the dashboards in the sequence that
you want them presented for the user, and click OK.

4. (Optional) To remove a dashboard from the workspace, click in the Actions column.

5. Click Save or Apply.


• Click Save to save and exit.

• Click Apply to apply the changes and continue working.

Configure the display order for workspaces

1. Go to the Manage Workspaces page.

a. From the menu bar, click .

b. Under Workspaces and Dashboards, click Workspaces.

2. In the Workspaces toolbar, click Configure Display Order.

3. Drag and drop the workspaces into the sequence in which you want them displayed to the user.

4. (Optional) Click OK to return to the Manage Workspaces page.

Chapter 18: Customizing RSA Archer GRC


You can customize RSA Archer GRC as follows:
• Branding. Use the Appearance menu to customize colors and logos across the user interface to
match your brand.

• System Language. Use the Globalization features to adapt the user interface to appear in
languages and formats that meet the needs of different geographical and cultural regions.

Branding Your System


You can customize colors and logos in the user interface to match your brand using the Appearance
menu.

Note: If you are upgrading from an earlier version of RSA Archer GRC, you must set your
appearance. The themes from your earlier version do not convert.

Configurable options

Option | Description

Primary color | Corresponds to the main color in the user interface, such as the menu bar, menus, and page headers. Note: Some color choices may render the menu bar unreadable.

Secondary color | Corresponds to contrasting features, such as links and buttons. RSA recommends using darker colors since lighter colors make some text difficult to read. Avoid using shades of light grey or white for a secondary color as it may make the text on some buttons appear to be invisible.

Logo | Designates the logo that appears in the lower right corner of the user interface.

Secondary graphic | Designates the image that appears next to the logo, such as a tag line.

Setting the primary and secondary colors

1. Go to the Appearance menu.

a. From the menu bar, click .

b. Click Appearance.

2. Choose one of the following:

• To change the primary color, select Primary Color.

• To change the secondary color, select Secondary Color.

3. Enter the color by doing one of the following:

• Select a color from the palette.

• Enter an HTML color number.

4. Click Choose.

5. Click Submit.

Note: If an administrator changes the color scheme while you are working, the colors update when
you move to a different page.

Selecting your logos

1. Go to the Appearance menu.

a. From the menu bar, click .

b. Click Appearance.

2. Do one of the following:

• To change the logo, under the Logo, click Edit.

• To change the secondary graphic, under the Secondary Graphic, click Edit.

3. Do one of the following:

Select an existing graphic

a. From the displayed list, select a graphic.

b. Click Choose Selected.

Add your own image

a. Click Add New.

b. Click Select Image.

c. Select an image from your computer.

d. Click Open.

e. Click Upload.

4. Confirm that the image appears in the box to the right.

5. Click Submit.

Deleting logos

1. Go to the Appearance menu.

a. From the menu bar, click .

b. Click Appearance.

2. Choose one of the following:

• To change the logo, under the Logo, click Edit.

• To change the secondary graphic, under the Secondary Graphic, click Edit.

3. Select the graphic to delete.

4. Click Delete Selected.

5. Confirm your selection.

Resetting the appearance

1. Go to the Appearance menu.

a. From the menu bar, click .

b. Click Appearance.

2. Click Reset to Default.

Setting a System Language - Globalization


Globalization features enable administrators and users to adapt the user interface to appear in
languages and formats that meet the needs of different geographical and cultural regions.
Globalization involves three main concepts: languages, locales, and translations.

Languages
Various language translations of RSA Archer GRC navigation and solution content are available for
licensing from RSA. These translations allow users to see RSA Archer GRC content in their native
languages.
A language must be licensed and activated in an instance to make its RSA Archer GRC navigation
translations available. At least one language license is included with the original product license and
is set during installation as the default language. You can purchase and add language licenses to
provide different navigation translations to your users.
Administrators associate locales with a language to let users see content such as dates and currency
in formats used in their countries and cultures. A separate time zone setting completes the
localization of RSA Archer GRC navigation and content displays.
RSA Archer GRC navigation is displayed to users in the language associated with their locale. If the
language associated with their locale is not active, the default language is displayed instead.

Supported languages

The following languages are supported for RSA Archer GRC:

• Chinese

• English

• French

• German

• Italian

• Japanese

• Portuguese

• Russian

• Spanish

Locales
A locale defines the display formats used for dates and currency and also affects RSA Archer GRC
functions such as calculations, time-based filtering, and reporting. A major function of a locale is to
let users see RSA Archer GRC content as they are accustomed to seeing information in their native
countries and cultures.

Locales are defined by language and country. A complete list of supported locales is available here
in RSA Archer GRC:
• Click Administration > Globalization > Manage Locales

An administrator associates one or more locales with a language to let users see RSA Archer GRC
navigation and licensed solutions in their native languages. A locale can be associated with only one
language. Any number of locales can be associated with the same language. A locale cannot be
removed from a language if the locale has associated users.
An administrator can set a default locale for individual users and user groups. However, the locale
assignment is associated only with individual users and not with groups. The assignment of a user
group to a locale assigns the locale to the current set of users in the group. Future user additions to
the group do not get the locale assignment, and future user removals from the group do not remove
the user locale setting.
Users with update permissions for their accounts can set their locale to a non-default locale.

Translations
A translation refers to a natural-language translation of objects that you have created in RSA Archer
GRC. These objects can include:
• Applications

• Dashboards

• Folders

• Global values lists

• iViews

• Letterhead templates

• Questionnaires

• Solutions

• Sub-forms

• Workspaces

The language used to create an object is its design language. The default instance language is
specified during the installation. Several supported languages are available for licensing from RSA
Archer GRC. All descending RSA Archer GRC objects, such as Module Level, Fields, and so forth,
inherit their default language from the root object, such as Applications.
The following illustration shows the root objects and the descending objects that inherit the default
language:

If you add a language to RSA Archer GRC, there is no licensing requirement. You can export this
language for translation, and then import the translated language into RSA Archer GRC. You can
also obtain licensed translations for RSA Archer GRC-provided solutions. The translated language
then appears in the user interface of the objects, based on the language settings in the user profile.

Important: When exporting a language, remember that while the objects are translated, the content
a user enters is excluded from the translation.

You can move relevant translations for packaged items from one instance to another. For example,
you can create and test a solution translation in one instance, and then package and install it on a
different instance for user access after testing is complete. When importing RSA Archer GRC core
solutions, you must install a valid license on the importing instance before installing the translation
itself.

Adding Licensed Languages


To purchase a license for a language that you want to add, contact your RSA sales representative.
You will receive a new license key that includes the new language license.

Add a licensed language to the instance


1. In the RSA Archer Control Panel, update the license key for the instance. See Update the
License Key in RSA Archer Control Panel Help.

2. In the instance, activate a language to make it available to administrators and users.

3. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

4. Click Add New.

5. In the General Information section, enter a name and a description for the new language.

6. In the Options section, do the following:

a. In the Status field, select Active.

b. In the Locale(s) section, select the locales that you want to assign to the language.

7. Click Save.

Adding New Language Translations


Create your own translation if you need to provide users with a language that is not one of the
supported languages.
The actual translation of the content occurs outside the RSA Archer GRC application, so the
translator does not need to be an RSA Archer GRC user. After the translation is complete, the
translator returns the language file to the same access location so you can import it into RSA Archer
GRC.

Key things to remember about exporting languages for translation

• The export utility creates multiple .csv files, one for each object, and then stores all the files in a
single ZIP file, comprising a full language. The .csv format enables the translator to choose from
a variety of software tools to complete the translation.

• You can include all objects in the export or only the objects not yet translated.

• Depending on the size of the .zip file and the attributes of your computer system, the export
process may take several minutes to complete, during which you will see a Pending status for the
language on the Manage Languages page.

• If the export process fails, you will see a Failed link in place of the Pending status. Click this link
to display information about the failed export.

• You will receive email notification when the export process is complete.

Key things to remember about importing translated languages

• The import process expects that the translated characters in the returned .csv files are encoded
using the UTF-8 character set. Because many characters are not found in ASCII or ANSI, UTF-8
has emerged as a comprehensive character set that accommodates most languages. If the returned
.csv files do not use UTF-8 characters, the import may result in random unintelligible characters
appearing after the import process is complete, or the import may not work at all.

• You must import the translated language files into the same instance of RSA Archer GRC
platform from which you originally exported the language for translation.

• You must use the default Windows file compression utility to create the .zip file that contains the
translated language files you intend to import.

• The translated language .zip file that you import must contain all the files that you originally
exported. These files include the .csv files that were updated with the translations of the
translatable properties, as well as the manifest file.

• The translator should have updated only the Translated Value column in the .csv file.

• The translator must ensure that property names with associated translated text appear in the
Translation Value column of the .csv file. For information on the Translation Value column, see
the Translated File Example topic in the RSA Archer GRC Online Documentation.

• The .csv files and the manifest file must reside in the same folder into which they were extracted
from the original exported file.

• All files must be correctly formatted.

• Depending on the size of the .zip file and the attributes of your RSA Archer GRC environment,
the import process may take several minutes to complete. During this process you will see a
Pending status for the language on the Manage Languages page.

• If the import process fails, you will see a Failed link in place of the Pending status. Click this link
to display information about the failed import.

• You will receive email notification when the import process is complete.
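
A pre-import check for several of the requirements listed above (all exported files present, manifest unchanged, .csv files encoded in UTF-8, only the Translated Value column edited), written as an added Python example that is not RSA code and not part of the guide. It assumes the exported package is itself UTF-8 and treats every non-.csv member as the manifest; the file names, the other column names, and the sample rows are constructed for illustration.

```python
import csv
import io
import zipfile

# Only this column may change during translation (column name from the guide).
EDITABLE_COLUMN = "Translated Value"


def _make_zip(files):
    """Build an in-memory ZIP from {member name: bytes}; used for sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def _read_zip(data):
    """Return {member name: bytes} for every file (not directory) in a ZIP."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: zf.read(n) for n in zf.namelist() if not n.endswith("/")}


def _rows(raw):
    """Decode CSV bytes strictly as UTF-8 (a BOM is tolerated) into dict rows."""
    text = raw.decode("utf-8-sig")  # raises UnicodeDecodeError on ANSI bytes
    return list(csv.DictReader(io.StringIO(text, newline="")))


def check_translation_package(exported_zip, translated_zip):
    """Compare a translated package with the original export.

    Returns a list of problems; an empty list means the package passed
    every check implemented here.
    """
    problems = []
    original = _read_zip(exported_zip)
    translated = _read_zip(translated_zip)

    for name in sorted(set(original) - set(translated)):
        problems.append(f"{name}: missing from translated package")
    for name in sorted(set(translated) - set(original)):
        problems.append(f"{name}: not part of the original export")

    for name in sorted(set(original) & set(translated)):
        if not name.lower().endswith(".csv"):
            # Assumption: any non-.csv member is the manifest and must be untouched.
            if original[name] != translated[name]:
                problems.append(f"{name}: manifest differs from the export")
            continue
        try:
            new_rows = _rows(translated[name])
        except UnicodeDecodeError as exc:
            problems.append(f"{name}: not valid UTF-8 (byte offset {exc.start})")
            continue
        old_rows = _rows(original[name])
        if len(old_rows) != len(new_rows):
            problems.append(f"{name}: row count changed")
            continue
        for row_no, (old, new) in enumerate(zip(old_rows, new_rows), start=1):
            changed = [c for c in old
                       if c != EDITABLE_COLUMN and old[c] != new.get(c)]
            if changed:
                problems.append(f"{name} row {row_no}: modified {', '.join(changed)}")
    return problems


def demo():
    """Run the check on constructed packages: one clean, one with three faults."""
    header = "Property Name,Design Value,Translated Value\r\n"  # constructed layout
    exported = _make_zip({
        "manifest.xml": b"<manifest/>",
        "Applications.csv": (header + "App.Name,Incidents,\r\n").encode("utf-8"),
        "Dashboards.csv": (header + "Dash.Name,Overview,\r\n").encode("utf-8"),
    })
    good = _make_zip({
        "manifest.xml": b"<manifest/>",
        "Applications.csv": (header + "App.Name,Incidents,Vorf\u00e4lle\r\n").encode("utf-8"),
        "Dashboards.csv": (header + "Dash.Name,Overview,\u00dcbersicht\r\n").encode("utf-8"),
    })
    bad = _make_zip({
        # Manifest left out, one file saved as ANSI (cp1252), one source cell edited.
        "Applications.csv": (header + "App.Name,Incidents,Vorf\u00e4lle\r\n").encode("cp1252"),
        "Dashboards.csv": (header + "Dash.Name,\u00dcbersicht,\u00dcbersicht\r\n").encode("utf-8"),
    })
    return (check_translation_package(exported, good),
            check_translation_package(exported, bad))


if __name__ == "__main__":
    for label, result in zip(("good", "bad"), demo()):
        print(label, result)
```

A file that contains only ASCII characters passes the UTF-8 check whatever encoding it was saved in, because ASCII bytes are valid UTF-8.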

Step 1: Add a new language

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Click Add New.

3. In the General Information section, enter a name and a description for the new language.

4. In the Options section, do the following:

a. In the Status field, select Active.

b. In the Locale(s) section, select the locales that you want to assign to the language.

5. Click Save.

Step 2: Export the language file for translation

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Click for the language you want to export.

3. Select the appropriate option to include either all objects or only untranslated objects and their
associated meta-data.

4. Click Generate.

5. Click to download the exported language file.

6. Select Click Here to download the file to your default Web browser.

7. Use the Web browser to save the downloaded file in a specific location.

Step 3: Translate objects into the new language

1. Move the downloaded language file to a location that the translator can access.

2. For every property name in every .csv file that you exported, have the translator provide a
Translation Value. For a completed example, see the Translated File Example topic in the
RSA Archer GRC Online Documentation.

3. Using the default Windows file compression utility, zip all the translated .csv files and the
original manifest into a zip file.

Step 4: Encode the translation in UTF-8

Note: This step is only required if the files that you receive from the translator are not already
encoded in UTF-8.

1. Extract the translated .csv files from the .zip file you received from the translator.

2. Open a .csv file in the Windows Notepad text editor application.

3. In the File menu, click Save As.

4. From the Save as type list, select All Files.

5. In the File name box, ensure that the file name extension is .csv.

6. From the Encoding list, select UTF-8.

7. Click Save.

8. Compress all encoded UTF-8 .csv files in a .zip file in the same folder in which you extracted
them. Be sure to include the same manifest file that was created in the original language export.

Step 5: Import the translation

Note: You must import the translated language files into the same instance of RSA Archer GRC
from which you originally exported the language for translation.

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Click for the language that you want to import the translated language file.

3. Click Browse.

4. Click Add New, and navigate to the translated language .zip file that you want to import.

5. Select the file, and click Open.

6. Click OK.

7. Activate the language.

Activating and Deactivating Languages


You must activate a language to use it in RSA Archer GRC. When the language is no longer used,
you can deactivate it.

Activate a language

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Select the language you want to activate.

3. In the Options section, set the status to Active.

4. Click Apply.

Deactivate a language

Important: Deactivating a language prevents the rendering of any translations tied to it. Instead, the
system renders the design language. You cannot deactivate a language if it functions as a design
language anywhere in RSA Archer GRC.

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Select the language you want to deactivate.

3. In the Options section, set the status to Inactive.

4. Click Apply.

Associating Users and Groups with a Language Through Locales

Languages are assigned to locales through Globalization, and locales are associated with users and
groups through the user account and group settings in Access Control.

Assign locales to a language


A locale can be assigned to only one language. Any number of locales can be assigned to the same
language.

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Select the language to which you want to assign locales.

3. In the Options section, select the locales to assign to the language.

4. Click Apply.

Set the locale for users and groups

Note: The assignment of a user group to a locale assigns the locale to the current set of users in the
group. Future user additions to the group do not get the locale assignment, and future user removals
from the group do not remove the user locale setting.

1. Go to the Manage Locales page.

a. From the menu bar, click .

b. Under Globalization, click Locales.

2. Click for the locale to which you want to assign users.

3. In the Options section, select the groups and users to assign to the locale.

4. Click Apply.

Remove locales from a language

Important: A locale cannot be removed from a language if the locale has associated users.

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Select the language from which you want to remove locales.

3. In the Options section, click alongside each locale you want to remove from the language.

4. Click Apply.

Changing the Default Language


You can set a default language for an entire instance or change the default language of individual
objects that you have created in RSA Archer GRC.

Key things to remember about changing the default language of an object:

• The default language change cannot succeed unless the target language contains a matching
translatable property for every translatable property in the source language.

• This requirement is especially important if, after having changed from one language to another,
you want to change back to the original language. For example, when you change the language
from English to German, English is the source, and German is the target. The change succeeds as
long as the utility finds an exact match in the German translation for every English translatable
property. If the German translation contains additional properties not present in English, the utility
ignores these and the change from English to German still succeeds.
However, if you want to reverse the process and change the language from German back to the
original English, then German is the source and English is the target. The process fails because
English does not contain a match for the additional translatable properties in German.

• This same requirement is in force if you want to install a package whose default language is not
the same as the platform default language.

Change the default language of an object

1. Go to the object you want to update.

a. From the menu bar, click .

b. Do one of the following:

• Under Application Builder, click Solutions, Applications, Questionnaires, Sub-Forms, or
Global Values Lists.

• Under Workspaces and Dashboards, click Workspaces, Dashboards, or Global iViews.

c. Select the object for which you want to change the default language.

d. Click the General tab, if applicable.

2. Do one of the following:

• For solutions, global values lists, workspaces, dashboards, and global iViews, click Change in
the General Information section.

• For applications, questionnaires, and sub-forms, click Change in the Options section.

3. In the Default Language Change dialog box, select the new default language.

4. Click OK.

Set the default language for an instance

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Select the language you want to set as the default instance language.

3. In the Options section, select Make this the default language.

4. Click Apply.

Deleting Languages
You cannot delete a language that meets any of these criteria:
• The language is the default language for the instance.

• The language is defined as the design language for an RSA Archer GRC component.

• The language has associated locales that include users.

• The language is defined by users as their override language in user preferences.

Delete a language

1. Go to the Manage Languages page.

a. From the menu bar, click .

b. Under Globalization, click Languages.

2. Select the language you want to delete.

3. Click Delete.

4. Click OK.

Displaying Licensed Languages

Display licensed languages

1. Go to the Manage Applications page.

a. From the menu bar, click .

b. Under Application Builder, click Applications.

2. In the toolbar, click Licensing Information.

3. Scroll down to view the following sections:

• Solution Languages -- Lists the languages licensed for solutions.

• Platform Languages -- Lists the languages licensed for RSA Archer GRC navigation.

Moving Translated Solutions Between Instances


You can package and move a translated solution from one instance to another.

Process
1. Log on to the instance that contains the solution translation you want to move.

2. Create a package to define a package that includes the solution translation. You can select only
solution translations to include in the package, or you can select translations and other
components. Generate and download this package to a network location that is accessible from
the instance to which you want to move the solution translation.

3. Log on to the instance to which you want to move the solution translation.

4. Import a package to move the package into the instance.

5. Map objects to preview the automated mapping between source and target objects and resolve
any problems with the mappings.

6. Install a package to install the package with the solution translation in the instance.

7. View the package installation log to check for and resolve warnings generated by the package
installation.
