
IdM-driven Risk Analysis in GRC AC

Dec 26, 2016 at 08:46 AM

Former Member

Hello everybody,

Something I am not sure about, so I better ask:

If I look at that attached workflow sheet, I guess if IdM lets GRC perform a risk analysis with the roles in the GRC repository or if it does a simulation with the repository roles and the roles of the IdM request?

Regards

Frank

idm-workflow-02.jpg (561.3 kB)

5 Answers

Former Member Jan 02, 2017 at 05:49 AM

Hi Frank,

I think it will perform risk analysis for roles available in the GRC system. I still keep my guess open for non-SAP roles too!

Regards,

Faisal

Former Member Jan 03, 2017 at 08:17 AM

Roles or privileges? It should be the privileges, and it would be logical if it would test the existing privileges plus the applied privileges of the requestor. (AC Validation - AC Risk Analysis Only - Scenario)

Regards

frank

Former Member Jan 03, 2017 at 12:44 PM

Yes, agree.

Deva Prakash B Jan 08, 2017 at 04:33 AM

Hi Frank,

As per my knowledge, only risk analysis is performed and the result can be sent back to IdM, and based on the result we can configure in IdM whether privileges can be assigned to the user.

Create one custom attribute for a privilege, and it defines whether a GRC check is required or not at the time of the assignment request and pushes the data to GRC, and it calculates the risk analysis and returns back to IdM.

Regards,

DP

Former Member Jan 08, 2017 at 11:44 PM

Frank,

The way this integration works is this: the initial setup and integration requires a couple of jobs in IdM to be executed. The job will tag the IDM privileges that are found in GRC with GRC-specific attributes (MX_AC*). When these privileges are requested (either directly MX_PRIVILEGE or indirectly MX_ROLE), IDM can query GRC for risks created by the existing access a user has PLUS the requested access (being presented by IDM currently). Depending on the risk result, you can customize how IDM responds. By design, if any risk is found (irrespective of level: low, medium, high, and/or critical) the IDM request is denied. This stops the provisioning process in IDM.

Hope this helps...

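The combined check described in the last answer, as an added example that is not part of the thread and not SAP code: a small Python model of a segregation-of-duties analysis run over existing plus requested privileges, with the deny-on-any-risk default. The privilege names, the rule set and the function names are constructed for illustration, and no real IdM or GRC interface is called.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    risk_id: str
    level: str               # low / medium / high / critical
    conflicting: frozenset   # privileges that must not be held together

# Constructed rule set standing in for the GRC risk definitions.
RULES = [
    Risk("R001", "high", frozenset({"PRIV_CREATE_VENDOR", "PRIV_PAY_VENDOR"})),
    Risk("R002", "low", frozenset({"PRIV_MAINTAIN_PO", "PRIV_GOODS_RECEIPT"})),
]

def analyze(privileges, rules=RULES):
    """Return every risk whose conflicting privileges are all in the set."""
    held = set(privileges)
    return [r for r in rules if r.conflicting <= held]

def decide(existing, requested, grc_tagged, rules=RULES):
    """Model of the request check: only privileges tagged as known to GRC
    are analyzed, and they are analyzed together with existing access.
    Any risk, whatever its level, denies the request (the default
    behaviour described in the thread)."""
    to_check = {p for p in requested if p in grc_tagged}
    if not to_check:
        return "approved", []          # nothing GRC-relevant was requested
    risks = analyze(set(existing) | to_check, rules)
    return ("denied" if risks else "approved"), risks

if __name__ == "__main__":
    tagged = {"PRIV_CREATE_VENDOR", "PRIV_PAY_VENDOR",
              "PRIV_MAINTAIN_PO", "PRIV_GOODS_RECEIPT"}
    existing = {"PRIV_CREATE_VENDOR"}
    requested = {"PRIV_PAY_VENDOR"}
    # Looking at the request alone finds nothing ...
    print("request only:", [r.risk_id for r in analyze(requested)])
    # ... the conflict appears only when existing access is included.
    status, risks = decide(existing, requested, tagged)
    print("existing + request:", status, [r.risk_id for r in risks])
```

The first call shows why analyzing the requested privileges in isolation is not enough: the conflict exists only in the combination with access the user already holds.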