Former Member

IdM driven Risk Analysis in GRC AC

Hello everybody,

Something I am not sure about, so I better ask:

If I look at that attached workflow sheet, I guess if IdM lets GRC perform a risk analysis with the roles in the GRC repository or if it does a simulation with the repository roles and the roles of the IdM request?

Regards

Frank

idm-workflow-02.jpg (561.3 kB)

5 Answers

  • Former Member
    Jan 02, 2017 at 05:49 AM

    Hi Frank,

    I think it will perform risk analysis for roles available in the GRC system. I still keep my guess open for non-SAP roles too!

    Regards,

    Faisal


  • Former Member
    Jan 03, 2017 at 08:17 AM

    Roles or privileges? It should be the privileges, and it would be logical if it would test the existing privileges plus the applied privileges of the requestor. (AC Validation - AC Risk Analysis Only - Scenario)

    Regards

    Frank


  • Former Member
    Jan 03, 2017 at 12:44 PM

    Yes, agree.


  • Jan 08, 2017 at 04:33 AM

    Hi Frank,

    As per my knowledge, only risk analysis is performed and the result can be sent back to IdM, and based on the result we can configure in IdM whether privileges can be assigned to the user.

    Create one custom attribute for a privilege and it defines whether a GRC check is required or not at the time of the assignment request and pushes the data to GRC, and it calculates the risk analysis and returns it back to IdM.

    Regards,

    DP


  • Former Member
    Jan 08, 2017 at 11:44 PM

    Frank,

    The way this integration works is this: the initial setup and integration requires a couple of jobs in IdM to be executed. The job will tag the IDM privileges that are found in GRC with GRC-specific attributes (MX_AC*). When these privileges are requested (either directly MX_PRIVILEGE or indirectly MX_ROLE), IDM can query GRC for risks created by the existing access a user has PLUS the requested access (being presented by IDM currently). Depending on the risk result, you can customize how IDM responds. By design, if any risk is found (irrespective of level: low, medium, high, and/or critical) the IDM request is denied. This stops the provisioning process in IDM.

    Hope this helps...

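The two behaviours asked about in the question (analysis of the requested access alone versus a simulation over existing plus requested access), as an added example that is not part of any post in this thread and is not SAP IdM or GRC code. The rule set, privilege names and function names are all constructed assumptions; the deny-on-any-risk decision follows the default described in the last answer.

```python
# Simplified model of the decision discussed in this thread. All names and the
# rule set are constructed for illustration; this is not SAP IdM or GRC code.

# Constructed SoD rules: a risk exists when one user holds both privileges.
SOD_RULES = [
    {"risk_id": "R-DEMO-01", "level": "high",
     "conflict": ("PRIV_CREATE_VENDOR", "PRIV_PAY_VENDOR")},
    {"risk_id": "R-DEMO-02", "level": "low",
     "conflict": ("PRIV_MAINTAIN_PO", "PRIV_RELEASE_PO")},
]


def find_risks(privileges, rules=SOD_RULES):
    """Return the rules whose two conflicting privileges are both present."""
    held = set(privileges)
    return [r for r in rules if set(r["conflict"]) <= held]


def analyze_request_only(requested, rules=SOD_RULES):
    """Risk analysis over the requested privileges alone."""
    return find_risks(requested, rules)


def simulate_request(existing, requested, rules=SOD_RULES):
    """Risk analysis over existing access PLUS the requested access."""
    return find_risks(set(existing) | set(requested), rules)


def decide(existing, requested, rules=SOD_RULES):
    """Deny on any risk, irrespective of level (hypothetical decision helper)."""
    risks = simulate_request(existing, requested, rules)
    return {"approved": not risks,
            "risk_ids": sorted(r["risk_id"] for r in risks)}


if __name__ == "__main__":
    existing = ["PRIV_MAINTAIN_PO", "PRIV_DISPLAY_REPORTS"]  # constructed sample
    requested = ["PRIV_RELEASE_PO"]                           # constructed sample
    # The request on its own looks clean; the conflict only appears once the
    # user's existing access is included in the analysis.
    print("request only:", analyze_request_only(requested))
    print("simulation  :", decide(existing, requested))
```

In this model a conflict already present in the user's existing access also causes a denial, because the analysis runs over the combined set.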