on 05-21-2015 3:58 AM
We have a requirement to restrict managers to create user access request in GRC.
How can this done ?
Thanks in advance.
Dear Vijay,
personally I would recommend to remove activity 01 from GRAC_REQ for managers, so they cannot create access requests.
If a user does not have activity 01 the access request form is not visible and hence the user cannot submit a request. For all others it still works.
Let us know if you need further information.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vijay,
Restriction on 'Create and Approve own request' is available through EUP. So,apply this EUP at manager Stage. This will primarily restrict a manager to approve his own created requests. This is the normal scenario.
Is a Manager not allowed to create any requests at all?, i.e for others for whom he is not the manager, also?If so, As Colleen said, if EUL is not used, then User creation can be restricted at many levels. - 1. Create A Manager page/tab(through Webdynpro), where user creation link is not available.
2. GRAC_REQ can be also be used to display requests only.
Regards
plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vijay
Have you looked at using the normal ARQ form instead of the End User one? The Managers would then need SU01 account and security roles to use NWBC
If employees are required display, you would edit the End User Page and remove access request form creation links (if not using at all, deactivate the services)
It might be easier to let all request access and route the workflow to the Manager for review and approval first?
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.