I am using Custom BRF+ initiator rule to assign superuser access. The workflow works and get the necessary approval from manager and FFID owner and assign the FF ID to FF USER in GRC Server, if the FF user already exits. This mean FF USER ID should exist in both ECC and GRC server. If FF user ID does not exist in GRC server, the workflow log gives FFID assigned, which is false as FF user does not exist in GRC server. Is there a way in GRC system to enable the system to create FF user in GRC server, if the user id does not exist, rather than security team manually creating the same?
2 Answers
-
Feb 09 at 03:51 PM
Hi Manpreet,
Are you using Centralized EAM or Decentralized?
The workflow will not be able to create a new user with the necessary roles assigned for user FF in GRC, within a FF assignment request. This needs to be performed in it's own New Account request. Your policy for assigning FF access should include a check to see if the user exists in GRC first, manually. This is not laborsome and is much easier that custom developing all the conditions and logic required to kick off a new account request within a Firefighter assignment request.
-Ken
Add comment
Add comment