cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to user Application System privileges

srilakshmi_s2
Participant

on ‎10-12-2009 6:04 AM

0 Kudos

Hi

As part of GRC Initial Load , Application system privileges are created for each application(system id) .for example PRIV:SYSTEM:GRC:<system id> .

Please help me understand how these privileges can be used in provisioning/deprovisioning activities ..Since I read from one online GRC documentation that :

"

Create System Application Privileges: This pass creates a system application privilege that

is added to all accounts provisioned to the application managed by GRC. These are not real

privileges and will not be assignable as all others.

""

I hope these are used when creating user accounts in systems? . Not sure whether adding /removing this privilege would automate any of the process .

Please advise .

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎10-12-2009 6:19 AM
0 Kudos

Hi,

Once you have the privileges created from GRC, you can associate them with business roles, so when these roles are assigned to users, a GRC AC CUP request would be created for the access assignment automatically...

Cheers !!

Zaheer

Show replies
Show replies
Former Member
‎10-24-2009 8:06 PM
0 Kudos

Hi Zaheer

Can you please tell how the grc privileges will invoke the start privilege task and other tasks for submitting the request to GRC AC ?

Is it that for l grc privileges, you change in the " task field" and put the "start privilege task"? I tried that way but is giving me error

"

Unable to set value for attribute Assigned Privileges, detailed information (may not be translated): No such task"

Can you give a step by step proces for submiting a request to GRC AC 5.3 after the grc privileges are available in IDM 7.1 ?

Thank you

Sahad

srilakshmi_s2
Participant
‎10-25-2009 1:21 AM
0 Kudos

Hi Sahad ,

There are attributes "MX_ADD_MEMBER_TASK" and "MX_DELETE_MEMBER_TASK

" which is assigned to all the privileges within IDM .Tha value which we give here is the value of the constant START_PRIVILEGE_TASK for a GRC repository . So whenever an assignment is being done for MX_PERSON with a privilege whose "MX_ADD_MEMBER_TASK" and "MX_DELETE_MEMBER_TASK are appropriatly updated with correct value , then IDM will start the provisioning task for the assignment.

Experts ,

Please correct me if I am wrong .Thanks

Thanks

Former Member
‎10-25-2009 10:23 AM
0 Kudos

Hi gsapsdn,

>"MX_ADD_MEMBER_TASK" and "MX_DELETE_MEMBER_TASK

>" which is assigned to all the privileges within IDM

How we can assign the attribute MX_ADD_MEMBER_TASK" and "MX_DELETE_MEMBER_TASK to the privilage say PRIV:GRC:KMD:CO:ACTUAL_POSTINGS ?

How it will call the task to submit the request to grc ?

srilakshmi_s2
Participant
‎10-25-2009 8:57 PM
0 Kudos

Hi Sahad,

While creating privileged in Identity center , you can link these attributes to the privileges . Please go through this link for getting some idea on how it triggers the GRC request automatically when they are assigned to a user.

http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/30027e41-b5cd-2b10-4593-df65027f8c55&override...

Thanks

Ask a Question