# Mitigating controls

**Mitigating controls** reduce risk when an SoD conflict is allowed. They let administrators define compensating measures instead of blocking access outright.

### What are mitigating controls?

A mitigating control is a **compensating measure** that reduces risk for an accepted **Segregation of Duties (SoD)** conflict. It lets your organization acknowledge the conflict while applying controls to monitor, review, or limit the related risk.

### Control list

Go to **Webconsole** → **Access Control** → **Segregation of Duties** → **Mitigating Controls**.

The list shows these columns:

| Column          | Description                  |
| --------------- | ---------------------------- |
| **Name**        | Control name (click to open) |
| **Description** | Truncated description        |
| **Status**      | `Active` or `Inactive`       |

### Create or edit a control

| Field                | Required | Description                                                                      |
| -------------------- | -------- | -------------------------------------------------------------------------------- |
| **Name**             | Yes      | Unique control name                                                              |
| **Description**      | No       | Free-text description of the compensating measure                                |
| **Effective Date**   | No       | Date when the control becomes valid                                              |
| **Expiration Date**  | No       | Date when the control is no longer valid. Must be later than **Effective Date**. |
| **Review Frequency** | No       | Review interval: `Monthly`, `Quarterly`, `Semi-Annually`, or `Annually`          |
| **Active**           | No       | Disable the control without deleting it                                          |

#### Manager

The manager executes the control.

| Field            | Required | Description                                                     |
| ---------------- | -------- | --------------------------------------------------------------- |
| **Manager Type** | Yes      | `User` or `Group`                                               |
| **Manager**      | Yes      | Specific user or group. The selector changes based on the type. |

#### Owner

The owner is accountable for the control's design and adequacy.

| Field          | Required | Description                |
| -------------- | -------- | -------------------------- |
| **Owner Type** | Yes      | `User` or `Group`          |
| **Owner**      | Yes      | The specific user or group |

### Linking controls to policies

Mitigating controls are linked at the **policy level**, not the individual violation level.

To link one or more controls to a policy:

{% stepper %}
{% step %}
Open the SoD policy and go to the **General** tab.
{% endstep %}

{% step %}
In **Mitigating Controls**, select one or more controls.
{% endstep %}

{% step %}
Click **Save**.
{% endstep %}
{% endstepper %}

All violations generated by that policy inherit the linked controls. Reports and violation views show the control name. Users assigned as the control's manager or owner are flagged with `USER_IS_MC_MANAGER` and `USER_IS_MC_OWNER`.

{% hint style="info" %}
You cannot delete a mitigating control while it is linked to one or more policies. Remove the policy link first.
{% endhint %}
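
An added example, not part of the OpenIAM documentation or product code: because controls are linked per policy, every violation of a policy is left relying on controls that may be inactive, not yet effective, or expired. The sketch below flags such policies over constructed records; the field names, the sample data, and treating the expiration date as the first invalid day are assumptions.

```python
from datetime import date

# Constructed sample records. Field names are hypothetical and mirror the
# form fields on this page; this is not an OpenIAM export format or API.
CONTROLS = {
    "Quarterly payment review": {"active": True, "effective": date(2024, 1, 1),
                                 "expiration": date(2024, 12, 31)},
    "Dual approval log check": {"active": False, "effective": None, "expiration": None},
    "Vendor master audit": {"active": True, "effective": date(2025, 6, 1),
                            "expiration": None},
    "Bad dates": {"active": True, "effective": date(2025, 3, 1),
                  "expiration": date(2025, 2, 1)},
}
POLICIES = {  # policy name -> names of linked mitigating controls
    "Create vendor / Pay vendor": ["Quarterly payment review", "Dual approval log check"],
    "Post journal / Approve journal": ["Vendor master audit"],
}

def control_problem(ctl, on):
    """Return why a control is not valid on date `on`, or None if it is valid."""
    eff, exp = ctl["effective"], ctl["expiration"]
    if eff and exp and exp <= eff:
        return "expiration not later than effective date"
    if not ctl["active"]:
        return "inactive"
    if eff and on < eff:
        return "not yet effective"
    if exp and on >= exp:  # assumption: expiration date is the first invalid day
        return "expired"
    return None

def unmitigated_policies(policies, controls, on):
    """Return policies with no valid linked control on `on`, with a reason per control."""
    findings = {}
    for policy, linked in policies.items():
        problems = {name: control_problem(controls[name], on) for name in linked}
        if all(reason is not None for reason in problems.values()):
            findings[policy] = problems
    return findings

if __name__ == "__main__":
    for policy, problems in unmitigated_policies(POLICIES, CONTROLS, date(2025, 1, 15)).items():
        print(policy, "->", problems)
```
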


