cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Workflow for Super User Access - ID determins WF path

Rich_Turnquist
Participant

on ‎01-26-2015 4:36 PM

0 Kudos

Hi.  We are live GRC 10.1 for Access Control and we have a workflow in place for our super user requests.

We have three types of Super User ids available for the team to request.  Each ID "type" follows a different workflow path.

I created a request type for each of the super user id types.  My decision table uses the request type to determine the workflow path.

The issue I found was that someone can select a request type, but then select a super user ID that does not relate to the request type.  The result is that the request workflows down the wrong path.  So I need to update the workflow to use the super user ID being selected in addition to the request type.

Do I need to create a loop rule to go through the super user id(s) requested?  I created a loop for user defaults because we have different defaults based on the connectors in the access request.  Thinking about this it sounds like this is what I need to do for the access request workflow too.

I was hoping someone else has implemented a workflow where it's based on the super user ID being requested.  Actually if anyone implemented a workflow that is determined by any object requested in the ALV section (role, system, pd profile, etc..) it would probably be the same thing in BRF+.

Looking for feedback.

Thanks,

Rich

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

patrick_weyers
Participant
‎01-27-2015 3:16 PM
0 Kudos

Hi Richard,

If you are going to need a loop (rather than a BRF+ flat rule) will depend on the following question:

Will the path be determined for each Firefighter ID individually or will a path be determined for the entire request?

In the first case, you can use a BRF+ flat rule with a decision table based on the line item and the name of the firefighter ID. If an access requests contains multiple firefighter IDs that will route to a different workflow, you are going to have multiple paths within the same request (which is absolutely fine, so long as you desire it to be that way!). This is rather straight forward and I've done this many times for example for role names.

In the second case, you are going to have to define a loop. In this case, you would need to define the conditions that trigger the workflow for the entire request. Specifically, you are going to have to tell the system what should happen if the user requests different firefighter IDs. This is the more complex scenario but from how I understand you, the first scenario will be applicable.

Hope this helps and do let me know if you have further questions!

Show replies
Show replies
former_member251105
Discoverer
‎05-20-2015 10:17 PM
0 Kudos

Hello,

can any body say me please with which context data object in the decision table I can find the firefighter ID?

Thank you.

Regards

FilipGRC
Contributor
‎01-26-2015 8:00 PM
0 Kudos

Hi Richard,

how does those 3 different super user ID types are differentiated?  I would try with adding another criteria to your initiator rule, for example user group or other specific criteria which differentiate this different superuser type.

How to do this?

Please look at this article:

in point 4.1 it is described how initiator rule is updated with request type, if you follow the same logic and add another criteria for initiator rule.

I think user group would be the best (requires FF account assignment to user group) but in the worst case scenario (hard to maintain) you could different path based on USER ID.

Filip

Show replies
Show replies
Ask a Question