cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Access Review - Logs

Go to solution
former_member187795
Participant

on ‎06-23-2014 5:50 AM

0 Kudos

Hi All,

We are on GRC SP13.

User Access Review workflow has been setup.

1. UAR requests are generated.

2. During review, if the roles assigned to the user are fine, approver just approves the request. In this scenario audit log shows "NO PROVISIONING LOGS AVAILABLE"

3. During review, if the roles assigned to the user are removed by the approver then user is getting modified in the target system and logs are coming properly.

Request Type - UAR Review

Actions - Change User

As mentioned in point 2, if the existing roles are just approved to be there, since there is no change in the user assignment, no action is happening and no logs are being captured.

Please suggest how to handle this scenario. I assume that most of UAR requests would be just reviewed and approved to retain the existing roles, then the scenario as mentioned in point 2 is happening with no logs.

Thanks in advance.

Regards,

Sai.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Colleen
Advisor
Advisor
‎06-23-2014 6:26 AM
0 Kudos

Hi Sai

The no provisioning logs (from my understanding) is that the system has performed no changes to the account. This is correct as the reviewer has accepted access to remain. You would see provisioning logs when it results in a change to the user (i.e. role removal, account master updates, etc).

However, the UAR form and workflow is retained to show that a review was performed and the approver decided it was appropriate to retain the access. You could use the Search Requests functionality to check on processed requests.

What message/logs are you expecting to see?

Regards

Colleen

Show replies
Show replies
former_member187795
Participant
‎06-23-2014 6:46 AM
0 Kudos

Hi Colleen,

Thanks for clarification.

Below is the audit log for one UAR request. I understand that since there are no changes in target system, no logs would be there. So this should be the standard behavior.

A issue has been raised to us saying that "No logs" for UAR requests and they (Client's IT team) are expecting some logs similar to Retain action saying that "Role are retained"

I will clarify them.

Regards,

Sai.

Answers (0)

Ask a Question