Skip to Content

Reactivate user in grc 10

Hello experts,

We are struck with some configuration changes and not able to proceed further. Please suggest.

Scenario:

We have a request type Unlock Account (change & unlock and Assign actions). It follows one stage i.e Role Owner. The users which are locked for some time are invalidated and the ValidTo date is changed manually. When the GRC Request is triggered, it only Unlocks the User, but the validity dates are not change.

1. Tried with adding Roles with Validity date-- so now only roles validity is changed.

2. Added a system  in the request with Valid From and To date. Since we have Role Owner Stage it is throwing error as system dnt have owner.

3. We made a parallel workflow for Auto closure for System. If the Role owner rejects the role then the User validity is changed which it should not be.

in 5.3 we have valid from and to dates in the access request. So During provisioning the validity dates From and To are changed to the User, but in 10 we are struck.

Please suggest the configuration how to get this scenario.

Regards,

Ravi.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Feb 18, 2016 at 09:57 AM

    Ravi,

    you should actually be able to achieve your requirement. First make sure that provisioning happens at end of the request, not at end of the path. Further change the stage settings of the role owner to "Rejection Level" request. The system can be routed to auto approval (empty path) as you have mentioned. With this set-up it should work.

    Please do let me know.

    Regards,

    Alesandro

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Alesandro,

      Thanks a lot for sharing the details.

      I will try these configurations in my system. A quick basic query. We have the Escape Path condition as- Approver Not Found

      So do this effect our scenario. Since we have a Singe stage (Roleowner)  in a path and adding system and role?

      Regards,

      Ravi.

  • Feb 18, 2016 at 12:29 PM

    Hi Ravi,

    Please change settings as suggested by Alessandro, this will solve issues 1 and 2. And no, this configurations will not lead the request to escaped due to no approver found.

    regarding the rejection level settings at role owner stage, I guess following scenarios:

    If you change Rejection Level to "request" for role owner, role owner wont be able to reject roles selectively.

    If you keep rejection level as "System and Role" ,validity dates will be changed if role owner rejects all the roles and approves the request.

    Please keep us informed of the output.

    Kind regards,

    Yashasvi

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Yashasvi,

      Thanks for the details.

      Yah sure.. we are about to start the configurations and will get you posted.

      Thanks a lot for the detailed explanation 😊

      Regards,

      Ravi.

  • Feb 17, 2016 at 04:00 PM

    Hi Ravi,

    I also would like to have this functionality in AR, but it does not currently exist.  Validity date for user is not available to provision, as well as License type.  I think these are very important fields that should be accessible, but it looks like you will need to perform custom field configuration and mapping.  Unfortunately, I do not have instructions for you - I just wanted to confirm for you that this functionality does not currently exist in standard config.

    -Ken

    Add comment
    10|10000 characters needed characters exceeded

    • Ken,

      the user does not have a valid to date - the valid to date comes from the system. Therefore you need to add the system as line item and change the validity date accordingly.

      License type can only be achieved with custom fields.

      Regards,

      Alessandro