on 06-21-2012 12:44 PM
Hi All,
We are on GRC 10.0 SP08.
I am trying to figure out a way to prevent the end users from executing online risk analysis for * users (all users).
Is there a standard way to achieve this?
The concern we have is if users are allowed to execute online reports for a larger number of users, it will affect the system performance.
I know the user can be restricted with the below authorization object, but this does not restrict the number of users analyzed in a report.
GRAC_RA: ACTVT; GRAC_OTYPE (user/role/profile); GRAC_RAMOD (Foreground/Background); GRAC_REPT (Report Types)
Thanks, Ranjiv
Hi Ranjiv,
You have an additional object GRAC_USER with field GRAC_USER to restrict the risk analysis part.
However, I really doubt if there is any option to use NOT (as *) while providing the access of the user under this object. In fact, there is no concept of using NOT in PFCG authorization.
You can have multiple assignments like A* to Z*, A*, ABC, etc. in the value of the field. But there is no option or concept like NOT A* or NOT ABC, etc., in PFCG authorization assignment.
As a workaround, you can restrict your users to run the risk analysis in Background only. If they try to run the analysis in Foreground, they will get the message 'no authorizations'. This can be done by field GRAC_RAMOD.
Thanks & Regards
Neeraj
Thanks Neeraj.
Yes, I even looked in the auth obj GRAC_USER, but it restricts the user space. I don't want the end user to be restricted to a specific set of users; I just want that they are not able to execute ad hoc risk analysis for all (*) users in one go, mainly due to performance reasons.
The option of using the GRAC_RAMOD and restricting users based on this seems to be the closest workaround.
Regards, Ranjiv