Skip to Content
avatar image
Former Member

GRC AC - Filter Role Type by Workflow

Hello all!

Our GRC AC is configured to work with Single and Composite Roles. We have 3 workflows to request access and the client wants to filter one of them to accept only Composite roles. Is it possible?

We need to maintain the other 2 workflows with the possibilite to request Single and Composite roles. Only one of them with the specified filter.

Thanks in advance,

Pedro

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Oct 10, 2014 at 03:57 AM

    Hi Pedro,

    Do you want users to restrict for role search within access request; for single..composite et al.

    This can be done with role based authorization as well.

    Check for the authorization object: GRAC_ROLEP

    Here you can select the role type whichever you want users to be able ro search for.

    Let us know if you meant something else.

    Regards,

    Ameet

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Pedro,

      I am glad to know that you were able to make the most out of the provided suggestions. That's why we are here to share knowledge.

      You too have a good day.

      Cheers,

      Ameet

  • Oct 10, 2014 at 02:43 AM

    Hi Pedro,

    Can you explain about your 3 workflow scenarios.

    Are you using template based access requests?

    Regards,

    Madhu.

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Pedro,

      Are the users are fixed like Users 1 to 10 requests only SINGLE roles and Users 10 to 20 requests only COMPOSITE roles?

      If this is the scenario then controlling at auth object level using PFCG role is correct way as suggested by Ameet. If they can request sometimes SINGLE and sometimes COMPOSITE roles, then may be you need to have 2 different request templates and then within the templates role search can be restricted based on Functional area.

      Assign Fun Area 1 to Composite Roles and Maintain this Fun Area 1 in EUP 1 of Template 1 - So if the user access this Template, they can search only COMPOSITE roles.

      Assign Fun Area 2 to Single Roles and Maintain this Fun Area 2 in EUP 2 of Template 2 - So if the user access this Template, they can search only SINGLE roles.

      Regards,

      Madhu.