cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Reactivate user in grc 10

Go to solution
Former Member

on ‎02-15-2016 12:13 PM

0 Kudos

Hello experts,

We are struck with some configuration changes and not able to proceed further. Please suggest.

Scenario:

We have a request type Unlock Account (change & unlock and Assign actions). It follows one stage i.e Role Owner. The users which are locked for some time are invalidated and the ValidTo date is changed manually. When the GRC Request is triggered, it only Unlocks the User, but the validity dates are not change.

1. Tried with adding Roles with Validity date-- so now only roles validity is changed.

2. Added a system  in the request with Valid From and To date. Since we have Role Owner Stage it is throwing error as system dnt have owner.

3. We made a parallel workflow for Auto closure for System. If the Role owner rejects the role then the User validity is changed which it should not be.

in 5.3 we have valid from and to dates in the access request. So During provisioning the validity dates From and To are changed to the User, but in 10 we are struck.

Please suggest the configuration how to get this scenario.

Regards,

Ravi.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

alessandr0
Active Contributor
‎02-18-2016 9:57 AM
0 Kudos

Ravi,

you should actually be able to achieve your requirement. First make sure that provisioning happens at end of the request, not at end of the path. Further change the stage settings of the role owner to "Rejection Level" request. The system can be routed to auto approval (empty path) as you have mentioned. With this set-up it should work.

Please do let me know.

Regards,

Alesandro

Show replies
Show replies
Former Member
‎02-18-2016 10:10 AM
0 Kudos

Hi Alesandro,

Thanks a lot for sharing the details.

I will try these configurations in my system. A quick basic query. We have the Escape Path condition as- Approver Not Found

So do this effect our scenario. Since we have a Singe stage (Roleowner)  in a path and adding system and role?

Regards,

Ravi.

Answers (2)

Answers (2)

former_member226273
Active Participant
‎02-18-2016 12:29 PM
0 Kudos

Hi Ravi,

Please change settings as suggested by Alessandro, this will solve issues 1 and 2. And no, this configurations will not lead the request to escaped due to no approver found.

regarding the rejection level settings at role owner stage, I guess following scenarios:

If you change Rejection Level to "request" for role owner, role owner wont be able to reject roles selectively.

If you keep rejection level as "System and Role" ,validity dates will be changed if role owner rejects all the roles and approves the request.

Please keep us informed of the output.

Kind regards,

Yashasvi

Show replies
Show replies
Former Member
‎02-19-2016 6:12 AM
0 Kudos

Hi Yashasvi,

Thanks for the details.

Yah sure.. we are about to start the configurations and will get you posted.

Thanks a lot for the detailed explanation

Regards,

Ravi.

Former Member
‎02-17-2016 4:00 PM
0 Kudos

Hi Ravi,

I also would like to have this functionality in AR, but it does not currently exist.  Validity date for user is not available to provision, as well as License type.  I think these are very important fields that should be accessible, but it looks like you will need to perform custom field configuration and mapping.  Unfortunately, I do not have instructions for you - I just wanted to confirm for you that this functionality does not currently exist in standard config.

-Ken

Show replies
Show replies
alessandr0
Active Contributor
‎02-18-2016 10:04 AM
0 Kudos

Ken,

the user does not have a valid to date - the valid to date comes from the system. Therefore you need to add the system as line item and change the validity date accordingly.

License type can only be achieved with custom fields.

Regards,

Alessandro

Ask a Question