on 03-14-2012 8:21 AM
Hi All,
we are planning to use Firefighter functionality of GRC AC 10.0 on our HR system. Now we are facing some additional questions and issues like data protection for the Firefighter logs from the HR system. Except for removal of the rights to view all Firefighter logs from all users is there another solution for this?
Generally we would appreciate and further "special" experience, recommendation, issues,... that might be related to a GRC usage in the HR environment.
Thank you very much in advance and best regards,
Eva
Dear Eva,
I have faced the same problem and will share you my approach on that issue. If you are using a standalone system for HR you can restrict the permission on role level for each system. Therefor just add your HR system to the authorization object. Basically it's just splitting up the role into two roles (one for HR system and one for the ERP).
Another approach is to restrict the authorization directly to a user. Thereby we have to update the roles every time a user is changing, what creates additional work for our authorization team.
If you are using HR on a standalone system I propose to split the role as described above.
Best regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Eva,
Each Firefighter has a controller to check the logs. All the activity the FF ID has done during his session will be sent to the controllers. In GRC 10, there is an audit workflow to supervisors and managers. Logs are checked at management level with this new functionality.
Let me know if more information is needed or whether this information is still useful or not as this thread is from some time ago.
Thank you,
Fernando
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.