We use position based security in our ERP system and are implementing GRC. In our BI system the roles are directly assigned to the User ID, but we need them to dynamically update if a position change occurs. We have this functionality working in QAS by implementing CUA, but we are considering if IDM can be used instead. There seems to much less documentation on how to configure IDM with position based security (compared to CUA), so I have a few questions.
Assuming IDM is receiving its provisioning requests from GRC, can it be configured to provision a role to the position on one system and a user on another?
How can IdM be configured to react to a position change and update the roles appropriately?
Has anyone implemented GRC and IDM with position based security?