on 04-29-2015 8:59 PM
Hi experts!
I need to configure an special "Change account" access request where I can assign some restricted roles to a user.
I want to create a BRF+ approver rule where:
- If the role is restricted, the request goes to an approver.
- If the role is not restricted, GRC must ignore the role and auto reject/cancel the line item. This is the issue I'm facing.
If I don't set any approver in the BRF+ rule for non-restricted roles, request's status will remain "pending".
I can't restrict permissions for users because we are using End User Logon and they won't have GRC account.
Do you have any idea of how to do this "auto reject" request?
Thanks in advance!
Melisa
Hi Melissa,
You can create a BRF+rule based on Role Critical Level:
Auto-Rejection is not possible as per standard GRC configuration setup. Basically what you can do is route the roles based on Critical Level to two different paths.
1. If the roles have critical level as RESTRICTED send to path with ROLE OWNER stage for approval.
2. If the roles have critical level as NOT RESTRICTED send to path with SECURITY ADMIN who need to manually REJECT these roles as Auto Rejection option is not available.
Since you already know which roles are NOT RESTRICTED as you maintain Critical level for these roles and you want these to be auto rejected, why don't you disable these roles from user selection in first place?
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.