on 02-15-2016 12:13 PM
Hello experts,
We are struck with some configuration changes and not able to proceed further. Please suggest.
Scenario:
We have a request type Unlock Account (change & unlock and Assign actions). It follows one stage i.e Role Owner. The users which are locked for some time are invalidated and the ValidTo date is changed manually. When the GRC Request is triggered, it only Unlocks the User, but the validity dates are not change.
1. Tried with adding Roles with Validity date-- so now only roles validity is changed.
2. Added a system in the request with Valid From and To date. Since we have Role Owner Stage it is throwing error as system dnt have owner.
3. We made a parallel workflow for Auto closure for System. If the Role owner rejects the role then the User validity is changed which it should not be.
in 5.3 we have valid from and to dates in the access request. So During provisioning the validity dates From and To are changed to the User, but in 10 we are struck.
Please suggest the configuration how to get this scenario.
Regards,
Ravi.
Ravi,
you should actually be able to achieve your requirement. First make sure that provisioning happens at end of the request, not at end of the path. Further change the stage settings of the role owner to "Rejection Level" request. The system can be routed to auto approval (empty path) as you have mentioned. With this set-up it should work.
Please do let me know.
Regards,
Alesandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alesandro,
Thanks a lot for sharing the details.
I will try these configurations in my system. A quick basic query. We have the Escape Path condition as- Approver Not Found
So do this effect our scenario. Since we have a Singe stage (Roleowner) in a path and adding system and role?
Regards,
Ravi.
Hi Ravi,
Please change settings as suggested by Alessandro, this will solve issues 1 and 2. And no, this configurations will not lead the request to escaped due to no approver found.
regarding the rejection level settings at role owner stage, I guess following scenarios:
If you change Rejection Level to "request" for role owner, role owner wont be able to reject roles selectively.
If you keep rejection level as "System and Role" ,validity dates will be changed if role owner rejects all the roles and approves the request.
Please keep us informed of the output.
Kind regards,
Yashasvi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ravi,
I also would like to have this functionality in AR, but it does not currently exist. Validity date for user is not available to provision, as well as License type. I think these are very important fields that should be accessible, but it looks like you will need to perform custom field configuration and mapping. Unfortunately, I do not have instructions for you - I just wanted to confirm for you that this functionality does not currently exist in standard config.
-Ken
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.