Skip to Content
avatar image
Former Member

GRC 10.1 - BRF+ rule for user group assignment through user defaults (ARQ)

Hi All.

I am trying to achieve a user group provisioning logic using GRC.

I have performed all the steps mentioned below, but still the user groups are not getting provisioned, whereas the normal Access request is going through and user created.

Is there anything that I am missing with the set up as below :

  • Created user defaults ( group) for each connector and generated the default ID.
  • Ensured Request type ‘Create user’ has ‘User defaults’ mentioned in its actions.
  • Ensured that the ‘User Defaults’ Application ID is mapped to the access req. process ID.
  • Created a decision table providing the output to User_default_ID associated with the application. Our logic is based on Business process and Sub process selections (Decision table simulations are providing us with as expected results).
  • Created loop for condition to process multiple line items that maybe part of a request – We do have multiple systems provisioning through a single request.
  • Created Ruleset with the rule to change USER_DEFAULT_ID after processing the loop… also ensured that the function has the ruleset associated and the result data object mentioned.
  • ——————————-
  • ———————————

Please advise.

Regards,

Akhil

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    May 16, 2017 at 07:51 PM

    This issue has been resolved - the fix was very simple and was an oversight.

    The BRF+ rule as set up above in the question works as expected.

    Our issue was with the very setup of the defaults. While setting up the user defaults, I had entered the usergroup in the "set the user group" subfolder instead of maintaining the user group in "User group auth" and was checking the logon data tab in SU01 at the time of provisioning. Once I maintained the user group auth field with the appropriate value and ran the BRF+ rule, I was able to see the assignment of the usre group under the logon data tab in SU01.

    Regards,

    Akhil

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 02, 2017 at 12:10 AM

    Hi Akhil,

    how does your audit log look like? Does it say that user defaults get applied? Did you simulate the BRF+ rule to make sure it is working properly?

    It's very difficult to help with BRF+ issues if I am not in front of the system :-)

    Cheers, Alessandro

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 03, 2017 at 07:26 PM

    Hello,

    We are facing the same issue. My BRF+ returning the correct values in simulation. And audit log is coming in normal way.

    Add comment
    10|10000 characters needed characters exceeded