cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10 Role Owners for CUP Access Request

Former Member

on ‎01-17-2012 10:47 AM

0 Kudos

Hello Experts,

I have a case where in the access request to be submitted is to be routed to agent ROLE_OWNER. I would like to know how can I set the role owners .

Where can I import the roles ,in SPRO I find nothing .

We are not using BRM for role ,but do we have to do the config for the BRM as well as mentioned in /docs/DOC-8562#section13 ?

I also see that the Condition Group ID is required in UI Access Management > Role Owner . I would like to know the bare minimum steps required to set-up role owners for CUP.

Reg,

Anthony.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

simon_persin4
Contributor
‎01-17-2012 4:48 PM
0 Kudos

Hi Anthony,

In GRC 10.0 you need to import the roles into BRM in order to make them available for CUP (URM / ARM).

You need to identify the Owners by creating them a GRC system User ID and then marking them as owners in the NWBC --> Setup --> Access Control Owners section.

Then you need to import the roles via the NWBC frontend screens under Access Management --> Role Mass Maintenance (or something similar).

As part of the import, you can assign the owners to the roles.

Depending on the SP level of the GRC system, you might then need to mark the roles as "Productive" to make them visible for provisioning via ARM.

Simon

Show replies
Show replies
Former Member
‎01-29-2012 11:34 AM
0 Kudos

Hello Simon,

Will you please help me understand the signifance of "condition group ID" ?

We would like to have approval done by role owners for CUP request and also for changes in role using BRM .

We are using "Methodology" as condition group in SPRO i.e. { SPRO>GRC>AC-->Role Mgmt -->Assign condition group type)

But when in NWBC screen , under Setup>Access Owners>Role Owners

When i try to enter "METHODOLOGY" it only takes up characters upto METHODOLOG ,but i am able to make an entry.

I am not sure if it will result in any error for workflow or something.

Will you please let me know how does it affect if i do not make any entry here ?

I have already assigned role owners in "Access Control Owners".

Thanks in advance.

Regards,

Victor

Former Member
‎02-02-2012 4:03 AM
0 Kudos

Hello,

You can enter anything, would say enter numeric as well .

Once youare done, you need to download role attribute template from role import and and fill all details and go to role import and update it.

you can skip auth from backend system if you are not using role management.

please ensure you make role staus as production in SPRO so that you can see them access request.

Regards,

Prasant

simon_persin4
Contributor
‎02-02-2012 2:54 PM
0 Kudos

Hi Victor,

Forgive me if I have misinterpreted your post but it seems to me that you have mixed up two separate issues here.

You seem to be combining agent derivation with methodology derivation.

The condition group should be the "result" of the BRF+ rule which is then used to specify the role build methodology. This will tell the system which methodology to apply to the role based upon the given set of conditions.

This has nothing to do with the actual approver workflow other than that methodology might well have an approval stage identified there.

The approval will be managed via MSMP workflow. Here you can determine exactly how you wish the approval to be provided. This could involve the standard approvers (Role Content Owners) or could involve custom agents (BRF+ Agent Rules).

I very much doubt that you actually wish to store a Condition group ID as an access control Owner as you seem to be attempting.

Simon

Former Member
‎02-03-2012 11:10 AM
0 Kudos

Hello Simon,

May be you misinterpreted !!

I am aware that Owner cannot be maintained there !!

Thank you for your comments !!

Regards,

Victor

Ask a Question