Skip to Content
0

SAP GRC EAM Workflow Superuser Access

Jun 08, 2017 at 08:02 PM

60

avatar image
Former Member

I am using Custom BRF+ initiator rule to assign superuser access. The workflow works and get the necessary approval from manager and FFID owner and assign the FF ID to FF USER in GRC Server, if the FF user already exits. This mean FF USER ID should exist in both ECC and GRC server. If FF user ID does not exist in GRC server, the workflow log gives FFID assigned, which is false as FF user does not exist in GRC server. Is there a way in GRC system to enable the system to create FF user in GRC server, if the user id does not exist, rather than security team manually creating the same?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

avatar image
Former Member Jun 14, 2017 at 12:32 AM
0

Any input apprecaited

Share
10 |10000 characters needed characters left characters exceeded
Ken Golden Feb 09 at 03:51 PM
0

Hi Manpreet,

Are you using Centralized EAM or Decentralized?

The workflow will not be able to create a new user with the necessary roles assigned for user FF in GRC, within a FF assignment request. This needs to be performed in it's own New Account request. Your policy for assigning FF access should include a check to see if the user exists in GRC first, manually. This is not laborsome and is much easier that custom developing all the conditions and logic required to kick off a new account request within a Firefighter assignment request.

-Ken

Share
10 |10000 characters needed characters left characters exceeded