cancel
Showing results for 
Search instead for 
Did you mean: 

Admin Unlock Restriction from access request

Former Member
0 Kudos

Hello,

I am looking for the way to restrict the admin unlock for user when user raised the unlock request in GRC 10.1.

If user locked by admin they don't want to unlock user by access request.

Thanks & Regards,

Lakshmi

Accepted Solutions (0)

Answers (3)

Answers (3)

Colleen
Advisor
Advisor
0 Kudos

Hi Lakshmi

If you don't want to use GRC to handle and Administration unlock then how do you intend to manage it?

Password Self Service will not unlock and Administration Lock. Access Request would have approval steps no different to a Create User scenario, etc.

What is the business reason issue that you are actually trying to solve?

Regards

Colleen

plaban_sahoo6
Contributor
0 Kudos

Hi,

A procedure call(with a call to the function/program) can be created to retrieve value from table USR02(field UFLAG). the input to the program, via the procedure call has to be the user id in GRC request. Thereafter the output of the procedure call has to be taken in a data element.

Then in a decision table, provide diff. Rule results for lock values. then route these diff. rule results, into diff. paths and assign diff. teams. For the team, that gets the value 64, its activity would only be reject the requests. All other requests can be unlocked.

If the above does not suit, then the security team has to look for the lock value for every id raised for unlock.

BR

plaban

Former Member
0 Kudos

Create the right request types with the correct actions and and ensure that the authorization within the roles assigned to users does not allow them to create such a request.

You may also want to ensure that the right person receives the lock request to approve (or reject in your case).