07-26-2011 2:35 PM
Hello everybody!
I would like to know is there any way to limit role assignment by hour?
We need this function to limit access for very sensitive actions, kind of u2013 emergency roles, that should be opened for very limited time.
Thank's,
Julia.
07-26-2011 3:26 PM
Do not think there is standard way to do this. Minimum would be 1 day validity as you are already aware of in SU01 or with GRC SPM.
07-26-2011 3:42 PM
Hi Julia
As there is no standard way of achieving your requirement; one approach that I can propose is this:
(a) Create a custom program which collects data from agr_users on critical roles assignment and the time of their assignment. So you get role, user id and time
(b) Create a batch job which gets the data from custom program and has the functionality of removing those roles from user in their next iteration. You need to run the batch job on hourly basis. Variation can be that the access is given for just 1 minute and maximum 1 hour 59 minutes.
Bit overloaded approach ..hope their are alternate simple solutions waiting in the queue
Best Regards
Prashant
07-26-2011 4:24 PM
I was also looking for something like this for temporary access and ended up creating my own application for it.
The main idea was for temporary activation of RFC connections which are not required on a permanent basis. Is this also the reason behind what you are looking for?
Cheers,
Julius
07-28-2011 3:25 PM
Thank you everybody for your answers, I will probably try to implement Prashant's idia.
Great weekend for you all.
Julia.