GRC AC - Workflow approval

Hello community,

We have one workflow configured to request double approval to grant roles to users. Firstly one Manager Approval and then the Role Assignment Approval. Sometimes the Manager and role Assignment are the same person.

My question is:

Is it possible to configure GRC AC to request only one approval at this cases (only when Manager and Role Assignment are the same person).

Thanks,

Pedro

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (0)

Answers (1)

Hi Pedro,

Please check below link. This will help you.

Regards,

Madhu.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hello Madhu,

Thanks for your reply. I´ve checked the link but was not able to fully understand the content. This solution automatically detects when Manager and Role Owner are the same person, if it´s the case only one approval is requested. If Manager and Role owner are different persons the it requests both approvals.

All of this happening in the same WF. Correct?

Regards,

Pedro

That is right Pedro.
This document should serve your purpose. Following this document exactly, it sends your WF to one path if the results is Manager = Role Owner. Else, you might want to send it to a different path OR define your own trigger value and achieve the results.

Hi Pedro,

As per the link I have shared, In BRF+ they are comparing Manager value from GRACREQOWNER with Role Owner in GRACROLEAPPRVR table.

First please confirm if you are using standard ROLE OWNER agent or Customized Agent as the link I have shared works with standard Role Owner agent. If you are using BRF+ custom agent for role owner then we need to compare Manager value from GRACREQOWNER with Custom Agent Rule Result.

Regards,

Madhu.

Hello all,

I´m trying to configure the solution proposed (link bellow). To be honest I´ve never used BRF+ and can´t do the configuration based on that information. Already tried some help with my teammates but no luck.

I´m wondering if someone can share more details about this configuration. Maybe a more detailed documentation about how things should be done. This is important for my client.

Thanks in advance,

Pedro

Hi Pedro!

Did you see this useful page?

Try configure described scenarios

Regards,

Artem

hope this helps.

It has info about if role owner and manager is same and requester and role owner is also same

Regards,

Prasant

Hello Prasant,

Thanks for your reply, your guide looks much more friendly than the other. Unfortunately I´m facing an issue at the first steps. I´ve created the rule exactly as recommended:

But when I opened the BRF+ I´ve faced the screen bellow:

When I right click it the option "Create" is not displayed. Also the application is not at the same hierarchy level as your print screens. Do you know why?

PS.: Everything was ok during the rule creating (green light for everything).

Regards,

Pedro

Yes, as said that function id, please click create on Application.

The top node.

Regards,

Prasant

Prasant,

Thanks for your reply. The problem is your documentation says to create the DB Lookup at the Z_INITIATOR_DBL Application (at top node), but this app is not created at my environment (as you can see at my printscreen). Should I create this DB Lookups inside "Access Request Appro"?

Regards,

Pedro

PLease find the screen and right click on application.

I understood that. But I have only the three applications bellow, Z_INITIATOR_DBL was not created running the Generate MSMP Rule.

Inside wich application should I create the DB Lookup? Should I manually create an Application called Z_INITIATOR_DBL? How?

Sorry for the many questions, I´m not familiar with BRF+.

Thanks in advance,

Pedro

Hello,

Yeah because you are in simple mode, change to expert mode, on right had side screen on top right corner you have setting change it to expert mode.

and the first arrow key is correct, Access Request approval is the one where you create your DB Lookup.

Regards,

Prasant

Hi Prasant,

After changing the mode to expert I was able to proceed with the guide steps. Now I´m facing other problem, let me detail to you.

1 - I´ve created the DB Lookups with one exception, the DB Lookup to get Role Owner:

I´m working with GRC AC 10.1. Any clue of what´s going on?

Regards,

Pedro

Looked the Image you missing the steps.

Into condition is missing.

I have mentioned in document you need to create a table ,then save & activate then select element.

Regards,

Prasant

Ask a Question