
Restricting different roles from provisioning

Former Member
0 Kudos

Do we have any parameter or config if we want to restrict the composite and single role from provisioning?

Except the solution we have to change the provision type in BRM or while uploading the role file?

Accepted Solutions (1)


madhusap
Active Contributor
0 Kudos

Hi Somik,

Can you explain your requirement as why you want the roles to be available for end user selection and after approval why you don't want them to provision?

For the role you can maintain AUTO PROVISIONING as NO else route the roles based on role type to separate path and ask the approver of that stage to reject the roles.

Regards,

Madhu.

Former Member
0 Kudos

Hi Madhu,

We want to provision business roles only from ARM.

If someone applies for only a composite or single role by mistake, it should not be provisioned.

madhusap
Active Contributor
0 Kudos

Hi Somik,

If that is the requirement just disable the composite and single roles from end user selection which will suffice your requirement.

Any issues with that?

Regards,

Madhu.

Former Member
0 Kudos

Can you please give a screenshot?

madhusap
Active Contributor
0 Kudos

Hi Somik,

Just maintain role status as DEVELOPMENT and not PRODUCTION then the roles will not be available for end user selection.

Regards,

Madhu.

Former Member
0 Kudos

Hi Madhu,

In which section do you mean?

madhusap
Active Contributor
0 Kudos

Hi Somik,

Regards,

Madhu

Former Member
0 Kudos

Thanks a lot Madhu!

So you mean this needs to be done every time a new role is created in BRM or we upload a role?

Former Member
0 Kudos

If we set this globally, how will it differ in the case of business roles which we want to allow for provisioning?

madhusap
Active Contributor
0 Kudos

Yeah, this role status can be set for every role using the role template during import, or it can also be updated using the Role Mass Update functionality.

For business roles also you need to set this parameter to make them available in access request and it is same for all types of roles.

Regards,

Madhu.

Former Member
0 Kudos

Thanks Madhu.

But if I do that, that role will not be provisioned, which will be a trouble again.

My intention is that in the access request, when someone comes to submit a GRC request, they should not see composite/single role in the drop-down of role types; only business roles will come. Do we have any config parameter?

alessandr0
Active Contributor
0 Kudos

Dear Somik,

therefore use the authorization object GRAC_ROLE and set the role type (GRAC_RLTYP) to BUS:


Regards,

Alessandro

Former Member
0 Kudos

In which role do you mean?

Answers (0)