on 08-31-2016 10:47 AM
Hi All,
thanks for feedback.
1028 and 1029 are already have value "YES".
Sync jobs also executed properly.
Flag "X" found in column expired in table GRACUSERCONN
SOD is not capturing while running the risk analysis before approving the access request for locked users.
Roles are getting provisioned and later user submitting the unlock request.
Due to this user is able to have the Roles with SOD. Found in adhoc analysis which executed monthly.
Hence looking for some solution to prevent these kind of scenarios.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Venu,
Make sure the parameters 1028 (expired) and 1029 (locked) are set to YES OR NO (as desired) - this will ensure that the locked and expired users would be Included OR Excluded while performing risk analysis. Importantly, make sure you have run the latest user sync (via repository object sync in IMG) - with this, the User Locked/Expired flag will be SYNCed from the Plugin system into GRC. This lock/expired flag can be seen in the table GRACUSERCONN - for the plugin connector for which you are raising a request and performing risk analysis within the Access Request. Once above is ensured, the risk analysis can be performed as desired. Thanks & Regards Japneet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Venu,
Set parameter 1029 to YES for performing risk analysis on Locked users.
However, you don't see a specific option in the RA screen for locked users. You can also include locked users from the plug-in system for RA.
When the system does the provisioning it does not check whether the user is locked or not. It just goes ahead and provisions the approved roles.
Regards,
Manju
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.