cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best practice of role management in BRM.

Go to solution
jameswenjian_you
Explorer

on ‎03-12-2015 2:12 PM

0 Kudos

Dear GRC Experts

Here I want to discuss with you about the best practice of role management in BRM.

We create connection and connect to development systems. Once I create or change roles in BRM, the GRC will link to development system and push all changes into development systems. Then I need to follow the system changing process to manually create change request and transport all changed roles to Q and P systems.

But, how can I delete roles in BRM? If I delete roles in BRM, how can I transport roles deletion into Q and P systems?

Thank you in advance

James

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
‎03-12-2015 2:19 PM

Hi James,

Role Deletion should follow your change management process: what we follow is:

1. Delete the roles from BRM. Enable option to delete roles only from Front end NWBC using (3009 - Allow Role Deletion from Back-End - set as NO)

2. Then create a transport request in DEV with all the roles to be deleted and once they are included in the transport, delete the roles and move the transport to QA and PRD.

But if your query is more on Deleting the role changes if role owner rejects the changes in BRM process, please check below thread where the same point has been discussed recently

Regards,

Madhu.

Show replies
Show replies
jameswenjian_you
Explorer
‎03-12-2015 3:10 PM
0 Kudos

Hi  Madhu

Then I need to set the parameter 3009 as No to disable role deletion via PFCG, right?

Also, I'm not sure if the front NWBC role deletion can be included into change request

Regards

James

madhusap
Active Contributor
‎03-12-2015 3:56 PM
0 Kudos

Hi James,

When you delete role from BRM you will have option to delete from both backend and frontend if you set 3009 as YES.

If set as NO you can just delete role from BRM and from backend can follow change management process.

Regards,

Madhu.

jameswenjian_you
Explorer
‎03-13-2015 1:28 AM
0 Kudos

Hi  Madhu

If I keep the default value "Yes" of parameter 3009,  I cannot follow change management process to transport the roles deletion right? I guess the background roles deletion cannot be bundled into change request, right?

Best regards

James

madhusap
Active Contributor
‎03-13-2015 1:19 PM
0 Kudos

Hi James,

1. Set 3009 parameter as YES

2. First include all the roles you wish to delete to a transport request

3. Now deletes the roles from BRM selecting delete role in both backend and frontend

4. Once the roles are deleted then release and move your transport to QA and PRD which is similar to normal transport process.

Regards,

Madhu.

jameswenjian_you
Explorer
‎03-15-2015 12:35 PM
0 Kudos

Hi Madhu

Got it, thank you very much. I'll update you the testing result

Best regards

James

Answers (1)

Answers (1)

Colleen
Advisor
Advisor
‎03-12-2015 2:16 PM
0 Kudos

I Assume you bundle the transport first and then delete from GRC?

Show replies
Show replies
jameswenjian_you
Explorer
‎03-12-2015 3:12 PM
0 Kudos

Hi  Colleen

Is it possible that the role deletion via GRC front NWBC can be included into change request? Thank you

Regards

James

Ask a Question