Skip to Content
avatar image
Former Member

GRC - Multiple Ruleset

Hi All,

We have 2 rulesets for our ECC systems. During provisioning, the risk analysis run against the default ruleset we defined in parameter 1025 automatically and request is sent to related risk owner for approval. Is there anyway to select different ruleset in access request so request can be sent to the other group of approver?

We have tried:
1) Add both ruleset in parameter 1025 then submit access request with only one ruleset selected. Risk analysis is run for both ruleset and request is sent to both approvers.
2) Remove parameter 1025 then submit access request with only one ruleset selected. And again, risk analysis is run for both ruleset.

Is there anyway to specify different ruleset during provisioning?

Regards,
Ying

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Oct 20, 2015 at 03:21 PM

    Hi Ying,

    You can use BRF+ Multiple ruleset application "GRAC_MUL_RULESET_APPL" and can created decision table

    with entries to customize your requirement where you can specify which ruleset to be selected in access request

    based on request or role attributes.

    Regards,

    Madhu.


    SCN1.png (62.6 kB)
    Add comment
    10|10000 characters needed characters exceeded

    • Former Member plaban sahoo

      Hi Sahoo,

      I did create rulesets in function GRAC_BRFP_MULITPLE_RULESET and simulation seems pick up desired ruleset. I then mapped it in spro maintain AC applications and BRF+ function mapping and I have same result as you that provisioning request pick up the default ruleset not tje desired one.

      Any suggestion where to check further?

      Regards,

      Ying

  • Aug 14, 2016 at 04:53 PM

    Hi Ying/Timo,

    Got sometime and tried out BRF+ Multiple Rule Set functionality and it is working as expected.

    Please check out the document post of Multiple Rule Set functionality.

    GRC Multiple Rule Set Functionality

    Regards,

    Madhu

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 21, 2015 at 05:10 AM

    HI,

    could you show(screenshot), how 1025 had both rulesets simultaneously.

    Regards

    Plaban

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Timo,

      For rulebook, we tried below:

      1) Setup two rulebooks. Rulebook1 for connector1 and related risks assigned to riskowner1. Rulebook2 for connector2 and related risk assigned to riskowner2.

      2) Setup BRF rule to have risk from rulebook1 route to riskowner1 and risk from rulebook2 route to riskowner2 by connector.

      For BRF rule, we tried below:

      1) BRF+ -> GRAC_BRFP_MULTIPLE_RULESET -> get number from function -> complete mapping (spro -> grc -> ac -> maintain aC applications and BRFPlus function mapping)

      2) BRF+ -> GRAC_BRFP_MULTIPLE_RULESET -> go to function -> create ruleset, rule, loop, and decision table base on connector.

      Regards,

      Ying Ye