Skip to Content

Unable to find any rule ID's built already in BRF+

Hi all,

I am trying to configure a workflow which at Role owner stage should check if condition

a) If SOD issue exists  and condition b) If user belong to user group USG1 then it must goto path1 SODPATH1

C) If SOD issue exists  and condition D) If user belong to user group USG2 then it must goto path2 SODPATH2

E) If SOD issue exists  and condition F) If user belong to user group USG3 then it must goto path3 SODPATH3

For this I am trying to combine the standard rule ID "GRAC_MSMP_DETOUR_SODVIOL" that is configured in Role onwer as detour path to check SOD issues and the Custom condition that will check the user group as well into one Custom Routing rule ID.

I am unable to find the standard rule ID GRAC_MSMP_DETOUR_SODVIOL from whcih I can copy to create my Custon Rule.

I am in GRC 10 and i am unabel to find it. Could someone help me here please?

Thanks

Lakshmi

brf+ 1.png (25.1 kB)
brf+.png (27.4 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Oct 07, 2015 at 02:02 AM

    Hi,

    It is not a BRF+ rule id. So, you cannot find it there.you can find it in SE37.

    regd., your approach, you would have to create as many paths as user groups, you have. Can you explain what difference a SOD PATH has, from the other. However, you can create a Custom Routing rule where you can use Procedure call/Table operation to retrieve Risk Analysis result and direct the workflow to desired SOD PATH, as per user group. The decision table of Routing rule should then contain Risk Analysis result and User group as input Column. Please search GRC forum for Procedure call/Table operation

    Regards

    Plaban

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 30, 2015 at 09:14 PM

    Thanks Plaban. I have also verified the decision table and on runnign the simulation all conditions seem to work correctly.

    But however when I submit a new Access request with roel that has SOD conflicts. The workflow does not pick up the new rule ID that I have configured it considers that as no conflict and comes to next stage(Security stage in my case).

    Below is how I have configured in MSMP.

    Not sure what I have missed. Could someone please help!!

    Thanks

    Lakshmi

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 03, 2015 at 03:13 PM

    Yes Plaban.

    Its a routing rule ID created through Procedure call.  And the decision table is working fine individually when I supply request # and Company data as input parameters.

    Should I reactivate BRF+ desicion table?

    Thanks

    Lakshmi

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 04, 2015 at 04:07 PM

    Also not sure why my decision table is asking me to provide 2 input parameters , Access request # and user's company data. I am expecting my workflow to pick the company data also fromt he Access request form submitted.

    Is this the reason why my routing rule is not getting picked up?

    I followed the document AC10.0/10.1: Create Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls

    and called the Functional module GRAC_IDM_RISK_WITH_NO_SERVICES in Procedure call even if I am not using IDM. Is this appropriate?

    I am seeing another functional module GRAC_IDM_RISK_WOUT_NO_SERVICES .Can this be used. The import parameters in this FM does not bring the Comapny filed that I would like to validate for routing my request.

    All I am looking for is when Access request is submitted and gets to role owner stage and when SOD issue exists it should pick the Company data and route it to appropriate SOX team for that company .If no SOD issue then it should simply get to the next stage in the current path next to role owner.

    Any thoughts and advise please?

    Thanks

    Lakshmi

    Message was edited by: Lakshmi Priya

    Add comment
    10|10000 characters needed characters exceeded