on 09-15-2015 3:06 PM
Hello everyone,
I am designing the workflow for requesting access GRC 10.0 and the main idea is to avoid BRF + rules for the following case:
I need to create a way to read a list of roles that are already approved by the business and provisioned automatically without asking for approval on stage. if you can create a list of roles that do not ask for approval? and only pass through the stage roles that require approval under the same application ?.
They can colaborarme with ideas for the theme. Thank you very much for your answers!
Regards,
Freddy
hi Freddy,
how would GRC know, that these roles are already approved by business?
So, Create a custom table, in GRC system, with 2 fields Role_Name and Approval_Status. Maintain this table manually, at back-end where you mark, roles approved by Business as YES, else NO
Now, include a DBLookup, in your decision table, which returns a BOOLEAN value, from this table. i.e, YES, if Approval_STATUS is YES
condition in DBLookup: where GRAC_S_REQUEST_RULE_LINE_ROLE_NAME = Role_Name
For YES, include a Rule result, which goes to a path, with no stages. For NO, the rule resuly should route to a path, for approval.
Regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I think,
you can easily find which roles are already assigned to users from table GRACROLEUSAGE.
this has information which role has already been assigned to user on which system.
i do not think of creating another table and making development of updating that table using sync job. as standard sync job will not update that custom table.
BRF+ will help using DB LOOKUP only to roles which are already assigned to user.
Sync job interval will play important role.
Regards,
Prasant
Dear Freddy,
I had similar requirements and used a role attribute to identify pre-approved roles. In one case we used a business process (incl. subprocess) to auto approve roles. In that particular case we defined a business process "Technical > Auto Approval". Within BRF+ we then routed this roles to a path without stages (= auto approval).
Another option might be to define a custom table and define a function module that checks / compares requested roles with pre-approved roles and route them to a path with no stages.
It is also possible to approve roles without approvers. But by activating this function you need to consider any security issue if another role (beside the pre-approved) has no approve since this role will also be approved.
I recommend to use BRF+ or a function module to achieve your requirement. BRF+ delivers standard functionality to modify your workflow behaviour.
Keep us posted.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.