cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Change of Business role to tech role mapping

Former Member

on ‎10-15-2014 11:27 AM

0 Kudos

Hi All,

I have business roles created and maintained in IDM. I have also pulled GRC tech roles (privilege) from GRC within IDM. I have mapped GRC tech roles (privilege) with Business roles. These business roles are assigned to users and as a result users received GRC tech roles as privilege. Now I am mapping new GRC tech roles/privileges with business role (which is already assigned to user). Let me know whether system will automatically (out of the box) trigger the GRC provisioning framework and assign the new privilege to user (who has the business role)? If not then how this use case can be taken care?

Thanks,

Dhiman Paul.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎10-16-2014 5:14 AM
0 Kudos

Hi Steffi,

I have tested the same scenario using one test user but GRC provisioning framawork is getting triggered on MX_ROLE. It might be because new tech role is getting assigned to the business role. But the business role is already assigned to the user, for which a request should get created to assign the newly added tech role to user.

When GRC provisioning framework is getting triggered due to this role change event, "Submit AC request" task is trying to fetch user parameter from MX_ROLE and failing. But when I am assigning a new business role (with pre-defined tech roles mapped) then the same task is fetching all user parameter from MX_PERSON.

Any clue?

Thanks,

Dhiman Paul.

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎10-16-2014 7:22 AM
0 Kudos

Hmm, it would be strange, if this provisioning worked different from say an ABAP role provisioning to a simple SAP system.

Did you check if reconcilation is planned through one of your jobs/dispatchers like Jaisuryan suggested? That should find the change in BR content and trigger the provisioning of the new content.

jaisuryan
Active Contributor
‎10-15-2014 12:06 PM
0 Kudos

Hi Dhiman,

I guess we should make sure to check "Reconcile dirty entries" in Housekeeping tab in Dispatchers node to get this happen or to schedule "Reconcile dirty entries job" if you are using old version.

BR//Jaisuryan

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎10-15-2014 11:41 AM
0 Kudos

Hello Dhiman,

I'd say the default it, that it should do that. Why don't you just test it with a test role on your own user or a test user? Then you know for sure.

Sometimes there are problems with provisioning the new privileges to the users, when a role is changed (new privileges are added or some removed).

Regards,

Steffi.

Show replies
Show replies
Ask a Question