Skip to Content

GRC 10.1 - BRF+ rule for user group assignment through user defaults (ARQ)

Mar 01, 2017 at 02:58 PM


avatar image

Hi All.

I am trying to achieve a user group provisioning logic using GRC.

I have performed all the steps mentioned below, but still the user groups are not getting provisioned, whereas the normal Access request is going through and user created.

Is there anything that I am missing with the set up as below :

  • Created user defaults ( group) for each connector and generated the default ID.
  • Ensured Request type ‘Create user’ has ‘User defaults’ mentioned in its actions.
  • Ensured that the ‘User Defaults’ Application ID is mapped to the access req. process ID.
  • Created a decision table providing the output to User_default_ID associated with the application. Our logic is based on Business process and Sub process selections (Decision table simulations are providing us with as expected results).
  • Created loop for condition to process multiple line items that maybe part of a request – We do have multiple systems provisioning through a single request.
  • Created Ruleset with the rule to change USER_DEFAULT_ID after processing the loop… also ensured that the function has the ruleset associated and the result data object mentioned.
  • ——————————-
  • ———————————

Please advise.



10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Best Answer
Akhil Venugopal May 16, 2017 at 07:51 PM

This issue has been resolved - the fix was very simple and was an oversight.

The BRF+ rule as set up above in the question works as expected.

Our issue was with the very setup of the defaults. While setting up the user defaults, I had entered the usergroup in the "set the user group" subfolder instead of maintaining the user group in "User group auth" and was checking the logon data tab in SU01 at the time of provisioning. Once I maintained the user group auth field with the appropriate value and ran the BRF+ rule, I was able to see the assignment of the usre group under the logon data tab in SU01.



user-default.png (49.8 kB)
10 |10000 characters needed characters left characters exceeded
Alessandro Banzer
Mar 02, 2017 at 12:10 AM

Hi Akhil,

how does your audit log look like? Does it say that user defaults get applied? Did you simulate the BRF+ rule to make sure it is working properly?

It's very difficult to help with BRF+ issues if I am not in front of the system :-)

Cheers, Alessandro

10 |10000 characters needed characters left characters exceeded
Mohite Onkar May 03, 2017 at 07:26 PM


We are facing the same issue. My BRF+ returning the correct values in simulation. And audit log is coming in normal way.

10 |10000 characters needed characters left characters exceeded