on 02-04-2016 2:48 AM
Hi Friends,
We are implementing ARM and we are facing issues with the design. Please help.
We want the workflow as below:
1) Access Request submitted
2) If there are SOD violations, route it to Security/point of contact. Security will mitigate and either send back to role owner approver or auto provisioning
3) If no SOD, it should go to the role owner approval stage and then auto provisioning
If the request is for role remove, it should go to auto provisioning without approvals but notify the role owner.
Please help me.
Thanks,
Hi Krishna,
In your case you have to route your request based on risk analysis at request submission.
You can use the function module GRAC_INITIATOR_SOD_VIOLATIONS; this is an initiator rule and it executes at the time of request submission.
So this means you will have to maintain this initiator rule in your Global Rules area.
There will be two results for this initiator: SOD_VIOLATIONS and NO_SOD_VIOLATIONS.
So the request can take two paths based on the risk results: one will be to the role owner and the other will be to security.
Let me know if this is what you were looking for.
Regards
Harsha
Hi Vamsi,
You should make use of the BRF+ application to customize the workflows.
Under the GRAC access request management process ID, please create initiator rules.
Create two initiator rules: 1. for role assignment, 2. for role removal.
Create an agent rule and maintain agents as approvers (Role Owner and Security POC).
Create route mappings as per the initiator rule and map the same to stages and paths.
You may also have to create a routing rule to send back the request from Security POC to role owner.
Create the necessary notifications to send updates about the request to the concerned requestors. You may please go through the below link for more detailed explanation.
Actually, your question cannot be answered in SCN forums. Please dig into the GRC book and explore yourself. SCN is always there to help you do better if you get stuck at any point.
Regards,
Surya
Thanks Surya! I have already created the rules, BRF+ but it is working as below.
1) Request submitted
2) Role Owner approval
3) SOD violation - detour to Security
But I need help in configuring it the other way:
1) Request submitted
2) SOD violation - detour to Security
3) Role Owner approval
How can we create 2 initiator rules and map them to one Process ID? I don't think it is possible.
Thanks