on 07-25-2012 9:26 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Chandani,
Step 1: Maintain the parameter 4001 in SPRO (30 days)
Step 2: Assign FF_ID1 and FF_ID2 to FF_Controller
Step 2: Assign FF_ID1 and FF_ID2 to FF_Business_User.
Step 3: FF_Business_User can get access with these FF_IDs during 30 days.
Automated process:
Step 4: After 30 days (parameter 4001), the FF_Controller has to receive automatically an email to extend or not the FF_IDs assignement to the FF_Business_User. He/She can for example approve to extend the first and rejet the second.
At the end my FF_Business_User will have only one FF_ID.
All our FF_IDs should not extended manually but with approval.
Kind regards,
Imy
Hello Niad,
The controller is only an auditor who checks whether the FFID is used correctly or not. For him there is no validity. Fo him this FFID could be assigned to any user ( Firefighter), but the FFID usage should be in accordance with the activity mentioned. Yes if he finds that the FFID has performed some illegal or incorrect actions then the controller can ask firefighter about it. For extending the validity, the firefighter could himself raise an access request for extending the validity of FFID assignment which in turn will go to owner of the FFID. Then owner can approve or reject the assignment.
Thanks & Regards,
Chandani
Hello Chandani,
Thank you for help, the process is more clear.
If the EAM request is approved by the Owner, is it possible to re-sumbit this request automatically to the owner without asking the user to re-submit an EAM request for this FFID. In this case the owner will decide or not to approve the extending validity?
In which GRC AC table the EAM requests information is stored?
Best regards,
Imy,
Hi Imy,
It sounds like you want to have the Firefighter assignment considered in a similar way to the UAR process whereby the owner gets to re-certify that the access is still required.
Using the Firefighter role based application, this will definitely be possible using standard UAR functionality, albeit by extending the workflows to look at the SPM owner rather than the manager (or using the Role owner mechanism and defining them as the SPM owner).
With Firefighter ID, that is more difficult.
I don't believe there are standard calls available to re-certify ID assignment automatically but it might be possible to customise this.
Simon
Hello Imy,
If the request is submitted by firefighter himself for extending the validity and is sent to owner for approval then where is the need for firefighter to re-submit the request.
The table GRACREQPROVITEM provides details for line Items Associated with Request.
Thanks & Regards,
Chandani
Hello Chandani,
Suppose that firefighter (user) gets access to Firefighter ID (by the Admin or via ARQ request) during 30 days as maintained in parameter 4001.
At the end of this duration, we need the FF Owner to re-certify or not the FF<--> FFID assignment. He can say yes, I approve: Then the duration is extended (+30days), he can see no, the FFID will be removed from the firefighters. But this workflow process should be transparent for the user.
I can create a EAM request and approved by the owner but at the end of the duration of the parameter 4001 value, I need the Owner to receive automatically this FF-FFID assignment to extend or not?
@Simon: Thank for your input, you are right about my concern but the Firefighter Role based is not possible in our case. We have only Firefighter IDs.
Kind regards,
Imy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.