
Business Roles in GRC 10.0

Former Member
0 Kudos

Hello All,

We have been using the Business roles concept in a particular manner, i.e. each of our business roles has its own approvers based on country, but the underlying single role is the same for all Business roles.

The reason why we have this particular model is to enable workload balance for approvers, but what is happening is that end users are searching for single roles and requesting access to them rather than selecting business roles, thus sending the request for access to a single approver rather than the different approvers based on Business roles.

Is there a way to restrict visibility of these single roles in GRC such that users will only select the Business roles?

Thanks

Uday

Accepted Solutions (1)

Former Member
0 Kudos

Hi Uday,

There is an auth object GRAC_ROLED which can be used to restrict the creation, change and readability of the roles.

You can tweak the roles with this auth object to achieve the desired results. For more information, kindly refer to the Security Guide available on SMP.

Best Regards,

Smriti

Former Member
0 Kudos

Hi Smriti,

Thanks for the reply. But my concern is that all our end users are LDAP-authenticated users, so they don't have any access on the GRC system and hence have no roles, so I am doubtful if it will work for this scenario, but I will also take a look at it in detail later today.

Thanks

Uday

Former Member
0 Kudos

Hi Uday,

Why don't you deactivate single roles? Go to SPRO - GRC - Access Control - Role Management, and I think in the first option only you have deactivate role type (not in front of the system right now).

We are also implementing business roles and not making single roles available for end users.

Thanks & Regards
Asheesh

Former Member
0 Kudos

Thanks for the reply, Asheesh, but we have other systems which have single roles, so we wouldn't be able to deactivate single roles completely.

Thanks

Uday

Former Member
0 Kudos

Hello Uday,

Are you able to address this issue? We can control this, but for that the user needs to be in the GRC system.

As, in this case, the users are in LDAP, I really can't see any other option other than syncing them to GRC from LDAP.

Kindly let us know if you are able to solve this issue.

Thanks & Regards

Asheesh

Answers (1)

patrick_weyers
Participant
0 Kudos

Hi Uday,

Were you able to solve this? I believe the previous answers do not exactly relate to your question.

Your concern, if I understand you correctly, is how to prevent users REQUESTING ACCESS to the single roles. This has nothing to do with deactivating role types in SPRO or changing GRC authorizations.

For each role in BRM, you can set the provisioning settings under "Additional Details" -> Provisioning. Simply turn this off for the roles in question and they will not be available in the ARM/CUP access request search at all.

Hope this helps.

Patrick