Skip to Content
0

Configure FFID Assignment workflow in GRC 10.1 using Decision table

Feb 21 at 04:17 PM

57

avatar image

Hi

We are in GRC 10.1 SP 15 and is integrated with SAP IDM. All role assignments happen through IDM but only for risk analysis purpose requests are flown to GRC.

BRF+ is configured accordingly using Procedure calls and Table operations and made use of process ID: SAP_GRAC_ACCESS_REQUEST

Now, my client wants to configure workflow for FFID assignment in GRC. This means we should make use of same Process ID: SAP_GRAC_ACCESS_REQUEST.

Please suggest/help if I add one more line item to BRF+ existing decision table with Request type and Rule Result as additional columns, will it route to the desired path? Is it recommended approach and does it disturb requests from IDM? Thank you.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Gustavo Soares Feb 26 at 08:41 AM
2

Hello Surya,

I understand that the Request Type should be used as input to the decision table of the initiator rule. If it is type 6 - Superuser Access, then the rule result will trigger the correct path, based on your MSMP configuration (Step 5 - Maintain Paths).

It won't disturb the requests for IDM (considering that the request type is different and also checked in the decision table).

You may need to define that type in SPRO > IMG > GRC > AC > User Provisioning > Define Request Type.

Cheers,
Gustavo

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Thank you Gustavo :) But in our current Decision table, there is no Request type as input column. If I need to add Request type as input column what will be the request type for requests coming from IDM? Can I leave it blank?

I shall test it in quality once business is Okay with the proposal. :)

1

Hi Surya,

You can set the first row of the decision table for request type 006 - Superuser. Then it can be blank for the other rows(IDM).

If you need to know the request type for IDM, check in SPRO > IMG > GRC > AC > User Provisioning > Define Request Type.

Cheers,
Gustavo

1
Ramesh Vithanala Feb 27 at 05:33 PM
1

Hi Surya,

Yes I agree with Gustavo, If the DT has the right Request type and the rule to be triggered, it should not be problem to enable workflow for FF requests.We have the same scenario and its working fine.

Thanks

Ramesh

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Thank you Ramesh :)

0