cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.1 - Auto reject access request

Go to solution
Former Member

on ‎04-29-2015 8:59 PM

0 Kudos

Hi experts!

I need to configure an special "Change account" access request where I can assign some restricted roles to a user.

I want to create a BRF+ approver rule where:

- If the role is restricted, the request goes to an approver.

- If the role is not restricted, GRC must ignore the role and auto reject/cancel the line item. This is the issue I'm facing.

If I don't set any approver in the BRF+ rule for non-restricted roles, request's status will remain "pending".

I can't restrict permissions for users because we are using End User Logon and they won't have GRC account.

Do you have any idea of how to do this "auto reject" request?

Thanks in advance!

Melisa

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
‎05-03-2015 6:00 AM
0 Kudos

Hi Melissa,

You can create a BRF+rule based on Role Critical Level:

Auto-Rejection is not possible as per standard GRC configuration setup. Basically what you can do is route the roles based on Critical Level to two different paths.

1. If the roles have critical level as RESTRICTED send to path with ROLE OWNER stage for approval.

2. If the roles have critical level as NOT RESTRICTED send to path with SECURITY ADMIN who need to manually REJECT these roles as Auto Rejection option is not available.

Since you already know which roles are NOT RESTRICTED as you maintain Critical level for these roles and you want these to be auto rejected, why don't you disable these roles from user selection in first place?

Regards,

Madhu.

Show replies
Show replies
Former Member
‎05-04-2015 2:27 PM
0 Kudos

Hi Madhu,

Thanks for your response!

I have two types of "Change account" access request": to assign critical roles and to assign non-critical roles, so I can't disable any role for user selection.

However, your solution is very useful; I'll configure it that way!

Regards,

Melisa

Former Member
‎05-05-2015 1:13 AM
0 Kudos

Hi Melisa,

When Non-critical roles are to be rejected, you can disable them for parameter 'Access request Role Selection'. if not, could you tell me why. Why would you create the request for non-critical roles, and then reject it

Regards

Plaban

Former Member
‎05-07-2015 7:35 PM
0 Kudos

Hi Pablan!

Thank you for collaborating! I can't disable that parameter because I need to assign both critical and non-critical roles, but in different access request (each of them has different workflows).

Regards,

Melisa

Answers (0)

Ask a Question