
role definition workflow

Former Member
0 Kudos

I have seen quite a few SAP GRC Access Control 10.0 access request workflows in action, but I wonder whether the following workflow exists in GRC or is easy to develop.

  • Requestor - Request role creation/change/removal (request form should be in GRC)
  • Role Owner - Approves or Rejects Request
  • Role Designer - Maintains role (in case of approval), risk analysis is performed
  • Security Specialist - Validates role, mitigates risk, etc.
  • Role Owner - Approves or Rejects Request

See attachment

Accepted Solutions (1)

FilipGRC
Contributor
0 Kudos

Hi,

Yes, a very similar workflow (close to the one you described) exists, and it is part of the standard SAP GRC BRM solution. I was involved in such a design where an almost standard BRM solution was used, and this would facilitate most of the needs you described on the process map. The Requestor/Role Designer designs roles in BRM / the back-end system based on business requirements. The Role Owner (assignment and/or content) is assigned to the role inside BRM; he approves the role content and the users assigned to the role. The security team (can act as user group agent) additionally approves the role.

Regards,

Filip

Former Member
0 Kudos

Thanks Filip. Where can I find the first two steps before the actual role design phase is started in GRC?

  • Requestor - Request role creation/change/removal (request form should be in GRC)
  • Role Owner - Approves or Rejects Request

FilipGRC
Contributor
0 Kudos

Hi,

In my project the requestor was a person who was requesting a role creation (the request itself was created outside of the BRM standard solution). The newly created role inside BRM is sent for approval to the Role Owner during the 'Role approval' step inside the BRM role creation methodology. Of course you will have to set up such a stage inside the role creation methodology.

The Role Owner is assigned to the role in the first step (Role definition, in the owner/approvers tab). There are two possible kinds of role owners (assignment and content).

Based on this assignment, the system later, in the role methodology phase 'Role approval', sends a request for approval to the Role content owner.

Hope this helps,

Filip

Former Member
0 Kudos

Filip, thank you for your answer. Basically the entire process that I described is not (yet) in GRC.

former_member184114
Active Contributor
0 Kudos

It is the default methodology as described by Filip.

You just have to map this logically according to your screenshot.

Faisal

FilipGRC
Contributor
0 Kudos

Hi,

Correct, it is not fully supported; however, most steps described by you are already there.

Please note that creating a role in PFCG is a very specific process, and most clients with GRC AC fully implemented are still doing a crucial part of role creation in the backend system.

Filip

Answers (0)