cancel
Showing results for 
Search instead for 
Did you mean: 
Read only

Role Methodology Access Restriction

Former Member
0 Likes
766

Hi,

We are implementing BRM for a client. And the client wants to divide the role methodology authorizations among 3 set of admins. Meaning the

  • First set of admins can only Define Role, Maintain Authorizations and Derive Roles.
  • Second set of users can do Risk Analysis and assign Mitigation controls, Attach Test Cases and Initiate Approval and the
  • Third set of admins can do Role Generation.

How do we achieve this? Can we restrict the above set of users to see only those Tabs(see below screen) which suit their Job?

Regards,

Mohamed Fazil

View Entire Topic
madhusap
Active Contributor
0 Likes

Hi Fazil,

We also have similar requirement where the team which creates roles through BRM are not aware of Risk analysis process and they don't want to perform risk analysis task. Below are steps we are following.

Role Management Team:

  • They receive a Service request for Creation of New Roles/Modification of existing roles from the Local Admin team with authorizations details.
  • Once received they will create role through BRM, and completes the steps Define Role and Maintain Authorization Data
  • Once they complete these steps will inform the GRC support team through Email to perform risk analysis for the roles which they created/modified.

GRC Support Team


  • GRC Support team will run Risk Analysis and Impact analysis for the role and if there are any risks will share the details with the Local Admin team (one who initiates role changes) who in turn will mitigate the risk or suggest to cancel the changes.
  • If mitigate the risk, then it goes for Mitigation Assignment Approver and once approved, Local admin team informs the GRC Support team
  • GRC Support team verifies and then informs the Role Management team to proceed with next steps.

Role Management Team:

  • After confirmation from GRC support team, Role management team initiates the approval and up on approval will generate the role.

Basically, we defined this for a client based on their requirement and they are following the same as part of their Post Go-Live Operations & Support (O&S) process. By this we are making clear that the concerned team is responsible for any discrepancies.

I am not sure whether you can restrict the steps in a methodology process based on authorizations or any other way. Let us check if the experts any advise for this even I am looking forward for that.

Regards,

Madhu.

alessandr0
Active Contributor
0 Likes

Dear both,

did you check authorization object GRAC_ROLED? Never tested this, but you can restrict the activity as follows:

01Create
02Change
03Display
06Delete
08Change History
38Perform
61Export
64Generate
71Analyze
90Copy
91Maintain Approvers
B3Derive
FSSearch All Roles
V1Compare
V2Synchronize
V3Maintain Authorization
V4Maintain Test Results
V5Assign Default Roles
V6Certify
V7Reaffirm

For example if the role management team should not be allowed to generate the roles do not give authorization for the same.

Does that answer the question?

Regards,

Alessandro

Former Member
0 Likes

Thanks Alessandro It works.