BRF + Setup for change role account request.

former_member218393
Participant
0 Kudos

Hi Experts,

I have one requirement in GRC request.

Scenario: I want to assign some roles to a user, but the user is already expired (in past validity). So in that case, if I raise a change account role assignment request (only to assign some extra roles to an existing user) with roles which will lead to a conflict, then the conflict can't be checked during the approval process, as the user is in past validity. So the user will be assigned the conflicting role, and later, when the user gets activated, the SOD will pop up during the report.

Requirement: So now the requirement is that the requester should not be able to raise a role assignment request when the user is in past validity.

So what will be the BRF+ configuration for this scenario only? Can this be done for only the change role request type with the existing BRF+ Initiator rule?

Please let me know in case more information is needed.


Thanks in advance.


Regards,

Biswaranjan

Accepted Solutions (0)

Answers (1)

plaban_sahoo6
Contributor
0 Kudos

Hi Biswa,

An immediate solution is to set parameter 1028 as NO, or to remove the expired users from the system. I cannot recall now if there is any standard functionality which restricts request creation for expired users. So I suggest letting the request be created, but routing it to a path where the Security team rejects it.

So, in BRF+, use DBLookup to retrieve the Valid To date from GRACUSERCONN, and if it is less than the system date (from SYST), then route it to the Rejection path. Else, route it to the remaining paths.

Regards

Plaban