on 08-09-2012 4:15 AM
Hello Gurus,
We have a situation where every user in ERP should be able to request for Firefighter ID access, due to which user on ERP production should also exist on GRC production system.
We have designed a workflow where in a request is created for provisioning a New User in ERP Production system which happens after certain approval stages.
Now we want that the New user which is created in ERP system should also get created in GRC production system and appropriate role has to be assigned to the user .i.e both system should be in SYNC.
Please note we do not have a CUA system/functionality in place.
Is it possible to achieve this SYNC between ERP and GRC via workflow or any IDOC or any other way ??
Please suggest.
Regards,
Victor
Hi Victor,
I haven't tried it myself, but I'm pretty sure that you could map default roles and systems against a request type, e.g. new user request. This would allow the creation of the user on the GRC box.
Review these parameter settings:
Access Request Default Roles | 2009 | YES | Consider Default Roles | |
Access Request Default Roles | 2010 | 001 | Request type for default roles | |
Access Request Default Roles | 2011 | REQUEST | Default Role Level | |
Access Request Default Roles | 2012 | SYSTEM | Role Attributes | |
Access Request Role Mapping | 2014 | YES | Enable Role Mapping | |
Access Request Role Mapping | 2015 | NO | Applicable to Role Removals |
Afterwards you need either a FF assignment workflow or manually assign the user to a firefighter.
An alternative approach would be to implement SP09 (or SP10?) where you could choose if you want the central log in from the GRC box, or if you want client specific firefighter log in as we were used to in FF 5.3.
Kind Regards,
Vit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.