on 04-16-2014 10:19 PM
Hi Venkat
What was your configuration for the GRAC_DEFAULT_PATH/GRAC_DEFAULT_STAGE? What was the Agent?
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Venkat
What is your custom rule for Z_GRAC_POC_DEFAULT? How is that determined?
If your ARQ workflow is for User Access Request and Firefighter you might need an initiator rule to split based on request type so you can direct FF requests down a different path for a different agent.
Regards
Colleen
Thanks
Hi Colleen,
What is your custom rule for Z_GRAC_POC_DEFAULT? How is that determined?
Our custom rule for GRAC_MSMP_DETOUR_SODVIOL is If SOD's are found the request will be routed to local controller for Mitigating controls.
If your ARQ workflow is for User Access Request and Firefighter
Yes we are using the same ARQ workflow for User Access Request and Firefighter
You might need an initiator rule to split based on request type so you can direct FF requests down a different path for a different agent.
How to create a new initiator rule for FF
Regards,
Venkat
Hi Venkat
Our custom rule for GRAC_MSMP_DETOUR_SODVIOL is If SOD's are found the request will be routed to local controller for Mitigating controls.
I meant - what is the Agent Rule for Agent Id Z_GRAC_POC_DEFAULT? Go to the Agents tab and see what has been defined there. That tells the MSMP which approver to send the request to?
How to create a new initiator rule for FF
Search SCN and you will find a heap of articles on that. Go to GRC documents and check the list. there are heap that explain initiator rule and BRF+
This will depend on your Agent Rule and intention for Z_GRAC_POC_DEFAULT. If you need to handle FF requests differently to other access requests then you need to send them down different paths.
Regards
Colleen
Hi Venkat
Your agent is the GRAC_MSMP_ROLEOWNER_AGENT
This will only work for typical UAR when user is requesting a role and in BRM the role owner for approval has been assigned
You need to do an initiator rule to split requests based on request type so that you can send FF requests to a different path and choose a more appropriate agent.
Multi Step Multi Process – GRC’s an... | SCN
As mentioned, SCN has a heap of questions on initiator rule using request type as well as wiki articls such as the one below:
BRF plus Flate Rule - GRC Integration - Governance, Risk and Compliance - SCN Wiki
Regards
Colleen
Hi Venkat
Every configuration step needs to be mapped fully or removed. Last screen shot tells you the error:
Routing Result xxxxx GRAC_MSMP_DETOUR_SODVIOL used in DEFAULT_PATH_1/001 not mapped
You either need to map it or go to Stage 001 in DEFAULT_PATH_1 and remove it
Looks like you are getting there
As a side note, in BRF+ decision table for Z_BRF_FF_INITIATOR you have only accounted for request type 006 (FF). If someone lodged a request for other access like Create User they will get an error message. You need to add at least one more entry (in the document I wrote I mentioned as the catch all): Add entry for reqtype <>006 to cover normal UAR or you will get error on submission
include that result in MSMP as well
Regards
Colleen
Hi Colleen,
Thanks for your help.
I configured successfully the SuperUser Provisioning.
I need help with the FF Log Notification we are receiving E-mails when the Firefighter logs in and log Notification.
I created two Notifications for Return and Forward event in workflow. We are receiving E-Mails also but the Subject is New Work Item - Log Report Review for Forward or Return.The subject should be FireFighter ID Forward Notification and the content should be
Dear Controller,
There are new FF Logs in your work inbox. Please perform the necessary actions.
How does the subject and body which is updated in the SE61 will be sent to the controller when forwarded.
Attached the screenshots.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.