on 08-12-2013 5:24 PM
Hi Experts,
I work in GRC v5.3 SP19
I would like to know more about the option of review users in CUP, especially reasons for rejections,
What is its function?
regards
User Review
User review allows designated approvers to review the access assigned to a user and the
segregation of duties risks violated by a user. These two procedures are referred to as User
Access Review and User SoD Review.
Features
Performing User Access Reviews
The User Access Review (UAR) feature provides a workflow-based review and approval
process for user access requests. The periodic reviews of user access are performed by
business managers or role owners, and the system automatically generates the requests
based on the company’s internal control policy.
Features
An automated process for the periodic access review.
Use of the user UAR feature requires configuration in multiple capabilities. The information in
this section provides details about the user access review feature, its process options,
configuration, and use.
ERM -> You configure system connectors. This is required for transaction usage and
for user-role assignment information.
RAR -> You configure connectors. This is required for alert generation to provide
transaction usage information.
CUP -> You define connectors, configure UAR, configure workflows, and define
coordinators.
Roles in the UAR Process
Administrator: This person has the AE_Admin UME role assigned for Access Control. They can
perform general CUP administrator tasks in addition to UAR-specific administrator tasks, such as
cancelling UAR requests and regenerating requests for rejected users.
User’s Manager: The direct manager of a user as defined in the User Details Data Source.
Role Owner: The role owner specified in CUP master data.
Reviewer: This term refers to the approver at the Reviewer stage. The Reviewer may be
the user’s manager or the role owner.
Coordinator: The Coordinator specified in CUP master data. The Coordinator is assigned to
Reviewer. They monitor the UAR process and coordinate activities to ensure the process is completed in a timely manner.
Process Options
You choose from multiple process options to determine the approvers of the UAR requests.
Configure Rejection Reasons
Rejection reasons are mandatory when rejecting a review request. You must upload the reason codesand descriptions using a template.
Procedure
1. Go to Configuration -> User Review -> Reason for Rejection. The Reason for Rejection screen
appears.
2. Under Import Rejection Reasons, click Download Template. The template opens in Excel.
3. Complete the required information and save the template.
Let me know if this concerns your query.
Thank you,
Fernando
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.