I'm just wondering how you are maintaining the access in GRC for managers to be able to approve access requests from their team members as they show-up in LDAP.
We have a plan to include the manager approval at the first stage of the workflow but it won't be easy to keep the GRC access accurate against the LDAP that receives user details from our HR DB (Successfactor)
Our concern is when a manager is newly named and if a GRC access request is processed we might not have that manager account setup in our GRC system and therefore he won't be able to approve and even not receive anything in his work inbox.
How can we ensure to keep the GRC access in synch with the LDAP and HR for managers ?
Did someone setup HR triggers to automatically submit an access request through GRC to create the account with the appropriate roles in the GRC system itself?
For those who didn’t setup HR triggers, do you have a manual process to be in synch ?
The same question would be about managers that are moving to a self leader position as here we will need to ensure that approval capabilities and even the entire GRC access are removed.
What about the AC owner master data piece update ?
Do you have any best practice to keep GRC in synch for managers ?
Concerning the delegation for manager approvals, I could see that SAP IDM is proposing or will propose some context based permission to allow someone that receives delegation authority to approve.
Does someone know if GRC will receive that capability as well in the future ?
If not already in the roadmap, it would be interesting to have it.
Feel free to share your thoughts.