on 10-16-2015 5:28 AM
Hi All,
We have 2 rulesets for our ECC systems. During provisioning, the risk analysis run against the default ruleset we defined in parameter 1025 automatically and request is sent to related risk owner for approval. Is there anyway to select different ruleset in access request so request can be sent to the other group of approver?
We have tried:
1) Add both ruleset in parameter 1025 then submit access request with only one ruleset selected. Risk analysis is run for both ruleset and request is sent to both approvers.
2) Remove parameter 1025 then submit access request with only one ruleset selected. And again, risk analysis is run for both ruleset.
Is there anyway to specify different ruleset during provisioning?
Regards,
Ying
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Madhu,
I think, we need to activate the function in 'Maintain AC applications and BRFplus Function mapping'. i did this , but my request did not use the desired ruleset. it used the ruleset in 1025.
But, in 'Maintain AC applications and BRFplus Function mapping, the default Application against Multiple ruleset is GRAC_BRFP_MULITPLE_RULESET.
Could you say, if any of your BRF+ application(for ruleset) works
Regards
Plaban
Hi Sahoo,
I did create rulesets in function GRAC_BRFP_MULITPLE_RULESET and simulation seems pick up desired ruleset. I then mapped it in spro maintain AC applications and BRF+ function mapping and I have same result as you that provisioning request pick up the default ruleset not tje desired one.
Any suggestion where to check further?
Regards,
Ying
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI,
could you show(screenshot), how 1025 had both rulesets simultaneously.
Regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can manually type in ruleset name in 1025. You can verify the result in provisioning audit log. There is description in audit log shows "Automatic risk analysis performed successfully using ruleset A and B". (our GRC is 10.0 SP19). You can also verify it by assign different risk owner for testing purpose. If it sent to both approvers for approval, that's mean it checks against both rulesets. I have tested remove 1025 also. The result is same as multiple rulesets in 1025.
Hi Rizwan,
The data pass to multiple ruleset BRF rule method is executed from PROCESS_MULTIPLE_RULESET of CL_GRAC_RULES class and it doesn't contains any user specific field. The only fields populated from there are request ID, role ID, role type, role connector, criticality level and connector.
We created message to SAP on this and ended up using connector to route provisioning request to different tenant.
Regards,
Ying Ye
Hi Timo,
For rulebook, we tried below:
1) Setup two rulebooks. Rulebook1 for connector1 and related risks assigned to riskowner1. Rulebook2 for connector2 and related risk assigned to riskowner2.
2) Setup BRF rule to have risk from rulebook1 route to riskowner1 and risk from rulebook2 route to riskowner2 by connector.
For BRF rule, we tried below:
1) BRF+ -> GRAC_BRFP_MULTIPLE_RULESET -> get number from function -> complete mapping (spro -> grc -> ac -> maintain aC applications and BRFPlus function mapping)
2) BRF+ -> GRAC_BRFP_MULTIPLE_RULESET -> go to function -> create ruleset, rule, loop, and decision table base on connector.
Regards,
Ying Ye
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.