cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict managers to create user access request in GRC.

Go to solution
Former Member

on ‎05-21-2015 3:58 AM

0 Kudos

We have a requirement to restrict managers to create user access request in GRC.

How can this done ?

Thanks in advance.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

alessandr0
Active Contributor
‎05-21-2015 7:07 AM
0 Kudos

Dear Vijay,

personally I would recommend to remove activity 01 from GRAC_REQ for managers, so they cannot create access requests.

If a user does not have activity 01 the access request form is not visible and hence the user cannot submit a request. For all others it still works.

Let us know if you need further information.

Regards,

Alessandro

Show replies
Show replies
Former Member
‎05-22-2015 9:42 AM
0 Kudos

Thanks Alessandro. I will try as you said.

Answers (2)

Answers (2)

Former Member
‎05-21-2015 10:32 AM
0 Kudos

Hi Vijay,

Restriction on 'Create and Approve own request' is available through EUP. So,apply this EUP at manager Stage. This will primarily restrict a manager to approve his own created requests. This is the normal scenario.

Is a Manager not allowed to create any requests at all?, i.e for others for whom he is not the manager, also?If so, As Colleen said, if EUL is not used, then User creation can be restricted at many levels. - 1. Create A Manager page/tab(through Webdynpro), where user creation link is not available.

2. GRAC_REQ can be also be used to display requests only.

Regards

plaban

Show replies
Show replies
Former Member
‎05-22-2015 9:43 AM
0 Kudos

Hi Plaban,

I cannot see 'Create and Approve own request' field in EUP. Can you let me know how to do this.

Thanks.

Colleen
Advisor
Advisor
‎05-21-2015 6:14 AM
0 Kudos

Hi Vijay

Have you looked at using the normal ARQ form instead of the End User one? The Managers would then need SU01 account and security roles to use NWBC

If employees are required display, you would edit the End User Page and remove access request form creation links (if not using at all, deactivate the services)

It might be easier to let all request access and route the workflow to the Manager for review and approval first?

Regards

Colleen

Show replies
Show replies
Ask a Question